SecOps Security Data Pipeline Engineer - North Central region (Remote in the U.S

SecOps Security Data Pipeline Engineer – North Central

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

GuidePoint Security is seeking a Security Data Pipeline Engineer to design, normalize, and optimize log ingestion and routing across security and observability platforms (e.g., Cribl, Observo, Datadog, SIEMs). The role will focus on data transformation, schema mapping (UDM/OCSF), and ensuring clean, reliable telemetry for detection and analytics.

Requirements:

• Hands-on experience with observability products such as SIEM (Security Information Event Management) and log observability tools.
• In-depth knowledge of log management, monitoring, and alerting techniques.
• Strong experience with log routing, normalization, and enrichment in platforms such as Cribl, Observo, Datadog, or SIEMs (e.g., Splunk, Google SecOps/Chronicle, Cortex XSIAM, Sentinel)
• Familiarity with common logging schemas (e.g., UDM, OCSF, ECS, CEF, LEEF).
• Understanding of log transport protocols (syslog, HTTP/HTTPS APIs, Kafka, S3, cloud-native pipelines).
• Understanding of security telemetry requirements for detection response (authentication logs, firewall logs, endpoint telemetry, DNS, proxy).
• Establish and maintain a logging governance framework, including standards, policies, and audit reviews.
• Strong troubleshooting skills for ingestion, parsing, and governance gaps with ability to deliver roadmap improvements.
• Evaluate and optimize existing log collection, storage, and analysis practices; identify gaps and risks.
• Ability to build dashboards, data dictionaries, and observability metrics for SOC visibility.
• Experience with setting up, modifying, and tuning alerts within the SIEM to ensure critical threats are identified properly.
• Understanding data ingestion, transformation, and enrichment workflows for integrating various log sources, network telemetry, and security event data into observability platforms.
• Ability to work with and understand log parsing, aggregation, and normalization.
• Proven track record working in a Security Operations Center (SOC), with direct involvement in threat detection, incident response, and security event monitoring. Strong understanding of SOC workflows and processes.
• Ability to communicate strongly and efficiently within the SOC. Must be able to collaborate with internal stakeholders and external vendors.
• Comfortable producing clear, concise reports and documentation related to security incidents and system performance.

You’ll Bring These Qualifications:

• Experience with one or more products: Splunk, Google SecOps/Chronicle, Palo Alto XSIAM, Elastic, CrowdStrike NG-SIEM, Observo, Tableau, etc.
• Experience with Cribl Stream/Edge/Search (certifications strongly preferred).
• Familiarity with compliance frameworks (M-21-31, NIST CSF/800-53, CIS, ISO 27001, GDPR, PCI-DSS, HIPAA).
• Bachelor’s degree in a relevant discipline or equivalent experience
• Minimum 4 years in an enterprise level security consultative role building and assessing Information Security architectures and programs
• Prior experience in a technical leadership role, must demonstrate strong problem-solving abilities and a solutions-driven mindset
• Must demonstrate strong interpersonal and communication skills, with the ability to clearly convey technical concepts to clients