Role description
Cribl Engineer - Role Summary
The Cribl Engineer is responsible for designing, deploying, and operating telemetry data pipelines using Cribl Stream in a cloud-centric environment. This role focuses on enabling reliable, scalable, and cost-efficient log ingestion and routing across SIEM and observability platforms, supporting detection engineering, audit, and operational excellence objectives.
Key Responsibilities
- Design, build, and maintain Cribl Stream pipelines (routes, parsing, filtering, transformation).
- Manage log ingestion and routing to downstream platforms (e.g., Google SecOps, Splunk, or other SIEMs).
- Optimize pipelines for performance, cost efficiency, and reliability.
- Troubleshoot and resolve data flow, ingestion, and pipeline issues in production.
- Implement automation using infrastructure-as-code (Terraform, CloudFormation) and CI/CD pipelines.
- Operate within AWS and/or multi-cloud environments, supporting scalable telemetry processing.
- Integrate Cribl with cloud-native services and enterprise systems.
- Collaborate with Detection Engineers, DREs, and platform teams to ensure data availability aligns with detection and compliance use cases.
- Monitor pipeline health and ensure adherence to operational SLAs and reliability standards.
- Apply security and compliance best practices for log handling and transmission.
- Experience supporting large-scale migrations is highly desired (e.g., SIEM or log pipeline transformations).
Required Qualifications
- Hands-on experience with Cribl Stream (pipelines, routes, packs, edge/workers).
- Experience with log management / observability / telemetry pipelines.
- Strong knowledge of log formats and parsing (e.g., JSON, syslog, regex).
- Experience with cloud platforms (AWS preferred; Azure/GCP acceptable).
- Solid understanding of Linux/Unix environments.
- Scripting experience (e.g., Python, Bash).
- Experience troubleshooting data ingestion and pipeline performance issues.
Preferred Qualifications
- Experience with SIEM platforms (Google SecOps/Chronicle, Splunk, Elastic).
- Familiarity with containerization/orchestration (Docker, Kubernetes).
- Experience with infrastructure-as-code and deployment automation.
- Exposure to high-volume telemetry environments and cost optimization strategies.
- Understanding of security telemetry, detection engineering, or SOC workflows.
Key Outcomes / Measures of Success
- Reliable and consistent log ingestion with minimal data loss.
- Improved pipeline performance and reduced ingestion cost.
- Timely resolution of data flow and onboarding issues.
- Scalable and maintainable cloud-based telemetry architecture.
- Alignment of telemetry pipelines to detection, audit, and compliance requirements.
Skills
SIEM, Python, Linux, AWS security
About UST
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.