Cribl Engineer

Responsibilities

• Lead architecture and design for Cribl Stream/Edge across multiple enclaves and data domains.
• Build high throughput pipelines (multiTB/day) with advanced routing, filtering, enrichment, and replay workflows.
• Optimize system performance, worker topology, CPU/memory distribution, queues, and transport mechanisms.
• Engineer secure data flows with masking, tokenization, RBAC, PKI/TLS, and other governance controls.
• Integrate pipelines with SIEM/analytics ecosystems (Splunk, Elastic, SaaS telemetry platforms, cloud services).
• Develop HA/DR patterns, reliability frameworks, fleet health metrics, and failure mode response processes.
• Maintain reusable Cribl packs, shared patterns, runbooks, and operational standards.
• Serve as the senior escalation point for Cribl issues; interface with vendor engineering as required.
• Mentor engineers, conduct design reviews, drive engineering excellence, and enforce architectural standards.
• Support cross functional teams (security, cloud, analytics, infrastructure) on logging and telemetry strategy.

Requirements

• Must possess a TS/SCI w/Poly (CI or FS)
• 10+ years of experience in logging, observability, or SIEM engineering.
• 5+ years architecting enterprise scale log/telemetry pipelines.
• 3+ years hands-on with Cribl Stream and Cribl Edge in production environments.
• Demonstrated success operating and scaling pipelines at 5-10+ TB/day.
• Expert-level experience with Splunk forwarding/ingestion, source type management, and indexing practices.
• Strong Linux fundamentals; scripting expertise (Python/Bash); Git; automation (Ansible/Terraform).
• Strong understanding of transport protocols (HTTP, TCP, TLS/MTLS), Kafka, S3/object storage.
• Experience designing secure data flows, including encryption, RBAC, secrets management, and compliance controls.
• Demonstrated ability to mentor senior engineers and lead technical decision making.
• Certified Cribl Certified Engineer (CCOE) or equivalent Cribl product expertise.
• Must possess the following DoD 8570.01-M certifications or be willing to obtain within 30 days of hire:
• Information Assurance Technician (IAT) Level II certification (currently Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND).
• IAT Level III certification requirements (currently CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, or GCIH).
• Cyber Security Service Provider (CSSP) - Infrastructure Support (IS) certification requirements (currently CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND).
• Expertise creating and maintaining Cribl Packs and reusable pipelines.
• Experience with cloud telemetry (AWS, Azure, hybrid) and cross domain data movement patterns.
• Familiarity with NIST / CIS control frameworks and secure engineering practices.
• Experience building observability frameworks for large distributed systems.
• Vendor engagement experience (Cribl PS, product teams, troubleshooting escalations).
• " Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information ."
• We use Greenhouse Software as our applicant tracking system and Zoom Scheduler for HR screen request scheduling. At times, your email may block our communica

Benefits

Additional Information

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation's top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk. About GuidePoint Security GuidePoint Security is a leading cybersecurity solutions and services firm enabling federal government organizations to make smarter security decisions that minimize risk. With more than 800 vetted technology vendor partnerships and deep practitioner expertise across every major cybersecurity domain, GuidePoint serves more than half of the U.S. Government's cabinet-level agencies across Civilian, DoD, and Intelligence Community segments, as well as Federal System Integrators and major defense prime contractors. We are growing our federal presales engineering team and looking for technically exceptional engineers who thrive at the intersection of federal mission and cybersecurity technology. We are seeking a highly experienced Cribl Engineer to serve as the principal technical authority for observability pipelines built on Cribl Stream and Cribl Edge. This role is designed for a senior technologist with deep expertise in log/telemetry routing, large scale data engineering, and enterprise-grade observability architectures. You will shape pipeline strategy, design complex routing and transformation logic, drive platform reliability, mentor senior engineers, and serve as the top technical escalation point for Cribl related challenges.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at guidepointsecurity? Share your experience