Principal Cyber Security Engineer
Charlotte
Wednesday, 22 April 2026
We are seeking a Principal Cyber Security Engineer with hands-on experience designing, deploying, and optimizing SIEM (Security Information and Event Management) platforms at scale. The individual will own the end-to-end lifecycle of the SIEM capability, from architecture and data onboarding to content engineering, automation, and continuous improvement, and will collaborate with SOC analysts, incident responders, threat hunters, IT operations, and application teams to ensure high-fidelity detections, actionable visibility, and reliable, compliant log management.

At this time, Ally will not sponsor a new applicant for employment authorization for this position.

The Work Itself

SIEM Architecture & Ownership
- Design and maintain the SIEM architecture, including data ingestion pipelines, parsers, normalization schemas, storage tiers, and retention strategies.
- Evaluate and implement SIEM platform features and integrations; drive upgrades and migrations as needed.

Data Onboarding & Normalization
- Onboard logs from diverse sources (EDR, firewalls, IDS/IPS, IAM, AD, DNS, proxies, email security, cloud platforms such as AWS/Azure/GCP, SaaS apps, containers/Kubernetes, databases, identity providers).
- Implement data quality monitoring and SLA-driven dashboards for ingestion health, parser accuracy, and data latency.

Performance, Scale, and Reliability
- Optimize SIEM performance: indexing, search speed, hot/warm/cold storage, retention, and cost control.
- Implement role-based access control, multitenancy (if applicable), and data governance.
- Ensure high availability and disaster recovery; document and test failover procedures.

Monitoring, Metrics, and Continuous Improvement
- Define KPIs/KRIs (e.g., MTTD, alert quality, data freshness, coverage, false positive rate).
- Lead purple-team exercises and detection gap assessments; drive remediation.
- Provide runbooks, knowledge base articles, and training to SOC and IT teams.

Compliance & Governance
- Align SIEM data handling with regulatory and contractual requirements (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR).
- Implement data minimization, masking, and retention policies; support audits and eDiscovery.

Collaboration & Leadership
- Partner with IT/Cloud/Data teams to implement logging at the source and ensure secure, reliable transport.
- Mentor junior engineers and analysts; perform code reviews and detection content validation.
- Contribute to security architecture reviews for new systems and applications.

The Skills You Bring

Minimum Qualifications
- 7 years of relevant experience
- Bachelor's degree or equivalent

Preferred Qualifications
- Highly preferred: 5 years of experience in SIEM engineering or closely related security engineering roles.
- Highly preferred: Proven end-to-end expertise with at least one enterprise SIEM platform (e.g., Splunk, Microsoft Sentinel, QRadar, Elastic Security, Exabeam, Sumo Logic, LogRhythm, Chronicle); Splunk, with Cribl for data pipeline management, is preferred.
- Strong proficiency in:
  - Data parsing and normalization (e.g., regex, grok, KQL, SPL, AQL, Lucene).
  - Scripting/automation (e.g., Python, PowerShell, REST APIs; Terraform/Ansible preferred).
  - Log source onboarding from Windows/Linux, AD, network devices, cloud services, EDR, and SaaS.
- Experience with cloud logging and security services (e.g., AWS CloudTrail/CloudWatch/GuardDuty, Azure Defender/M365, GCP Audit Logs).
- Experience with Agile methodologies and collaborative work environments.
- Familiarity with identity and access management, network security, endpoint security, and common enterprise architectures.
- Excellent communication and stakeholder management skills.
- Experience with UEBA/behavior analytics and anomaly detection.
- Experience with EDR/XDR integrations and telemetry correlation.
- Certifications: GCDA, GCIA, GCFE, GCIH, GMON, Splunk Certified Architect, Microsoft Certified: Cybersecurity Architect, AWS/Azure security certifications, CISSP.

#LI-Hybrid