Coalfire
Cybersecurity
Security Engineer (Splunk)
“Security Engineer (Splunk) at Coalfire. Skills: Splunk, SIEM, Incident response. Develop and maintain Splunk dashboards. Create and tune Splunk alerts”
What You'll Achieve
Enhance security posture; Reduce incident response time
Industry & Context
Root cause analysis; Incident analysis
What You'll Do
- Develop and maintain Splunk dashboards
- Create and tune Splunk alerts
- Automate security workflows
- Perform threat hunting
- Respond to security incidents
- Analyze security logs
- Manage Splunk infrastructure
- Develop custom Splunk applications
- Integrate security tools with Splunk
- Provide security expertise
How You'll Work
Team & Collaboration: Cross-functional teams; Security operations
Communication Scope: Technical reporting
Full Job Description
## Description

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

## What You’ll Do

- Maintain SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring requirements
- Maintain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in AWS, Azure, and GCP environments to support continuous monitoring and compliance requirements
- Manage and maintain log collection infrastructure including forwarders, collectors, and ingestion pipelines across hybrid environments
- Support SIEM performance tuning, storage management, retention settings, and licensing optimization under established operational guidelines
- Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance framework requirements
- Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events
- Create and maintain custom parsers and field extractions for complex or proprietary log sources
- Reduce false positives through ongoing rule tuning, baseline analysis, and detection improvement efforts
- Participate in peer reviews of detection rules and SIEM configuration changes
- Monitor SIEM alerts and investigate security events to support incident response and threat hunting activities
- Contribute to development and maintenance of detection and response playbo