A leading federal technology organization is seeking a Lead Coralogix SIEM Engineer for a remote opportunity open to candidates in the United States. This role will serve as the hands-on technical owner for the Coralogix platform, supporting security operations, log management, and detection engineering in a regulated environment.

About the Opportunity:
- Shift: Day shift
- Schedule: Monday through Friday
- Hours: EST hours
- Setting: Remote

Responsibilities:
- Serve as the technical owner and full platform administrator for Coralogix within a shared multi-tenant SOC environment.
- Design, implement, and maintain enterprise log collection pipelines across multiple networks and architectures.
- Develop detections, alerts, and correlation logic to strengthen security monitoring and response capabilities.
- Support incident management processes and SLA instrumentation for operational visibility.
- Contribute to broader SecOps platform strategy, including integrations and improvements across the security operations stack.

Qualifications:
- 10+ years of hands-on cybersecurity engineering experience, including at least 5 years in SIEM platform engineering, administration, or log management.
- Demonstrable hands-on Coralogix experience, including platform administration, DataPrime query language, alert development, parsing rules, TCO Optimizer configuration, and log pipeline design.
- Proven experience architecting and managing enterprise-scale logging pipelines, including OpenTelemetry Collector deployment in agent and gateway models.
- Experience onboarding and integrating diverse log sources, including cloud services, Kubernetes workloads, Windows and Linux endpoints, and network or security appliances.
- Experience designing log pipelines with data masking, field redaction, or sensitive data handling requirements.

Desired Skills:
- Experience with SOAR platforms and webhook-based alert orchestration integrated with Coralogix.
- Familiarity with AWS GovCloud logging architecture, cross-account log aggregation, and FedRAMP-compliant configurations.
- Knowledge of MITRE ATT&CK and its application to detection coverage mapping and gap analysis.
- Experience supporting ATO or RMF processes, security control assessments, or security authorization activities.
- Relevant security operations or cloud security certifications.