Lead Coralogix SIEM Engineer

Posted Today by Tandym Tech

Summary: A leading federal technology organization is looking for a Lead Coralogix SIEM Engineer for a remote position in the United States. The role involves being the technical owner of the Coralogix platform, focusing on security operations, log management, and detection engineering. Candidates must have extensive experience in cybersecurity and SIEM platform engineering. This position is not open to third-party candidates and requires direct candidates on W2.

Salary (Rate): £65 per hour

City: undetermined

Country: United States

Working Arrangements: remote

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

A leading federal technology organization is seeking a Lead Coralogix SIEM Engineer for a remote opportunity open to candidates in the United States. This role will serve as the hands-on technical owner for the Coralogix platform, supporting security operations, log management, and detection engineering in a regulated environment.

**Please no 3rd party candidates -- only direct candidates on W2**

About the Opportunity:

  • Shift: Day shift

  • Schedule: Monday through Friday

  • Hours: EST hours

  • Setting: Remote

Responsibilities:

  • Serve as the technical owner and full platform administrator for Coralogix within a shared multi-tenant SOC environment.

  • Design, implement, and maintain enterprise log collection pipelines across multiple networks and architectures.

  • Develop detections, alerts, and correlation logic to strengthen security monitoring and response capabilities.

  • Support incident management processes and SLA instrumentation for operational visibility.

  • Contribute to broader SecOps platform strategy, including integrations and improvements across the security operations stack.

Qualifications:

  • 10+ years of hands-on cybersecurity engineering experience, including at least 5 years in SIEM platform engineering, administration, or log management.

  • Demonstrable hands-on Coralogix experience, including platform administration, DataPrime query language, alert development, parsing rules, TCO Optimizer configuration, and log pipeline design.

  • Proven experience architecting and managing enterprise-scale logging pipelines, including OpenTelemetry Collector deployment in agent and gateway models.

  • Experience onboarding and integrating diverse log sources, including cloud services, Kubernetes workloads, Windows and Linux endpoints, and network or security appliances.

  • Experience designing log pipelines with data masking, field redaction, or sensitive data handling requirements.

Desired Skills:

  • Experience with SOAR platforms and webhook-based alert orchestration integrated with Coralogix.

  • Familiarity with AWS GovCloud logging architecture, cross-account log aggregation, and FedRAMP-compliant configurations.

  • Knowledge of MITRE ATT&CK and its application to detection coverage mapping and gap analysis.

  • Experience supporting ATO or RMF processes, security control assessments, or security authorization activities.

  • Relevant security operations or cloud security certifications.