Unisys

SIEM Integration Architect

Reposted 6 Days Ago
In-Office
Bangalore, Bengaluru Urban, Karnataka
Expert/Leader
The SIEM Integration Architect leads the integration and management of SIEM solutions, configures Cribl pipelines, designs data normalization strategies, and develops automation playbooks to enhance security monitoring and response in Microsoft Sentinel.
The summary above was generated by AI

What success looks like in this role:

  • Lead the integration of alarm/data feeds from multiple SIEM platforms (e.g., Splunk, LogRhythm, Securonix) into Microsoft Sentinel.
  • Configure and manage Cribl pipelines to collect, filter, transform, and enrich raw data before forwarding to Sentinel.
  • Design and implement data normalization strategies to ensure consistent formatting, tagging, and field mapping.
  • Build and maintain data ingestion workflows, ensuring optimized performance, scalability, and reliability.
  • Develop and maintain custom Sentinel connectors, KQL queries, workbooks, and analytics rules.
  • Implement and tune SOAR automation playbooks using Logic Apps or integrated response tools.
  • Collaborate with resolver teams (Platform, Application, CloudOps) for end-to-end use case implementation.
  • Act as SME for Microsoft Sentinel and Cribl architecture in client-facing and technical forums.
  • Troubleshoot integration and ingestion issues across hybrid and cloud-native infrastructures.
  • Establish alert pipelines to bring security alerts/alarms from legacy SIEM tools into Sentinel for centralized monitoring.
  • Ensure data integrity, compliance, and auditability in accordance with customer and regulatory requirements.
  • Generate technical documentation, integration standards, and data flow diagrams.
  • Provide expert guidance to SOC analysts and security engineers on new use cases and data onboarding.
  • Stay updated on current and emerging threats to enhance detection and response capabilities.

You will be successful in this role if you have:

Required Skills & Experience:

  • 10–15 years of experience in cybersecurity, with a strong technical background in SIEM tools and security data architecture.
  • Proven experience with Microsoft Sentinel, including data connectors, KQL, and automation via Logic Apps.
  • Hands-on expertise in Cribl: stream design, data parsing, enrichment, routing, and performance tuning.
  • Experience with multiple SIEM platforms (e.g., Splunk, LogRhythm, Securonix) and their alarm/log structures.
  • Deep understanding of SIEM data ingestion models, log collection, and telemetry pipelines.
  • Familiarity with cloud-native services (Azure, AWS, GCP) and their logging/integration mechanisms.
  • Scripting experience with Python and PowerShell for integration and automation tasks.
  • Strong knowledge of security frameworks (MITRE ATT&CK, NIST, OWASP, etc.) and their application in real-world use cases.
  • Ability to troubleshoot complex integration issues involving multiple data sources and tools.

Key Qualifications:

  • Bachelor’s degree in Computer Science, Information Security, or related field.
  • Certifications preferred: Microsoft SC-200, Security+, GCIH, CEH, Cribl Certified Admin.
  • Excellent communication and stakeholder management skills.
  • Strong problem-solving mindset and attention to detail.
  • Ability to mentor junior staff and lead technical discussions.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at [email protected] or alternatively Toll Free: 888-560-1782 (Prompt 4). US job seekers can find more information about Unisys’ EEO commitment here.

Top Skills

AWS
Azure
Cribl
GCP
KQL
Logic Apps
LogRhythm
Microsoft Sentinel
PowerShell
Python
Securonix
Splunk
