TC-CS-CDR-Cribl-Senior

Senior Cribl Engineer (Stream & Edge)

We are seeking a highly skilled and hands-on Senior Cribl Engineer with a minimum of 3 - 5 years of dedicated experience in the Cribl Stream and Edge. The ideal candidate will be a subject matter expert in designing, implementing, and optimizing large-scale data pipelines to drive SIEM efficiency and storage optimization.

Key Responsibilities:

• Data Engineering, Pipeline Management Architect and implementing end-to-end data onboarding from diverse sources (Syslog, S3, REST API, AWS, Azure, Firewalls, Crowdstrike, Web Proxies, Collectors) using Stream and Edge.
• Design robust, scalable pipelines to reduce, parse, and transform raw data, ensuring only high-value logs reach the SIEM while routing full-fidelity data to low-cost storage.
• Manage complex routing logic to send data to multiple destinations simultaneously (e.g., Splunk, Cloud, S3, Sentinel).
• Demonstrate deep expertise in deploying and tweaking existing Cribl Packs. You will be expected to build custom Packs from scratch for proprietary or non-standard data sources to Configure and manage Data Replay workflows from object storage and implement real-time data enrichment using Redis, GeoIP, or lookups.
• Deploy and manage Cribl Edge nodes to collect and process data at the source, ensuring seamless integration with the centralized Stream environment.
• Hybrid & On-Prem Deployment of Cribl by leading the installation, configuration, and maintenance of Cribl in hybrid and strictly on-premise environments.
• Manage Worker Groups and Edge Fleets, ensuring high availability, load balancing, and optimal resource allocation across the distributed architecture.

Technical Requirements

• Experience: 3 - 5 years of hands-on experience specifically with Cribl Stream and Cribl Edge.
• Data Skills: Knowledge of Regex, JavaScript (for Cribl functions) to build complex pipelines.
• Architecture: Proven experience setting up Cribl hybrid architecture by configuring Leader Nodes, Worker Nodes, Worker Groups and Fleet Management.
• SIEM Understanding: Strong understanding of SIEM (Splunk, Sentinel, NG-SIEM etc..) and how data quality impacts security operations.
• Certification: Cribl Stream Admin, Cribl Edge Admin