Lead log analytics and detection infrastructure migration from Splunk to Sentinel One Data Lake. Design a phased migration plan and translate Splunk SPL queries into Sentinel One Data Lake query language. Configure and onboard log sources into Sentinel One Data Lake.
Position: SIEM Engineer - Sentinel One Data Lake (Splunk Migration)
Location: 100% Remote
Duration: 12 months
Job Description:
We are seeking an experienced SIEM Engineer to lead our log analytics and detection infrastructure migration from Splunk to Sentinel One Data Lake. This role is pivotal in redefining our security telemetry ingestion, detection engineering, and analytics workflows using Sentinel One's native data lake and Singularity platform.
Key Responsibilities:
- Migration Strategy & Execution:
  - Design and implement a phased migration plan from Splunk to Sentinel One Data Lake.
  - Map existing Splunk use cases, saved searches, alerts, dashboards, and data models to Sentinel One equivalents.
  - Translate Splunk SPL queries into Sentinel One Data Lake query language (e.g., XDR Query Language - XQL).
- Data Ingestion & Normalization:
  - Configure and onboard log sources (endpoint, firewall, cloud, identity, etc.) into Sentinel One Data Lake.
  - Ensure data is normalized and enriched to support threat detection and compliance use cases.
  - Use Cribl, Syslog, or Sentinel One native ingestion pipelines to transition data flow.
Required Skills & Experience:
- 7+ years of experience in SIEM engineering or security operations.
- 3+ years of hands-on experience with Splunk (including SPL, dashboards, and ingestion).
- Strong knowledge of Sentinel One Singularity Data Lake and XQL (preferred).
- Familiarity with log source types: EDR, NDR, firewall, email security, identity logs, cloud APIs (AWS, Azure, GCP).
- Experience with Cribl or other log routing/optimization tools.
Primary Skill:
- XQL (XDR Query Language) - XQL is a proprietary query language used to query data in SentinelOne's Singularity Data Lake. It is inspired by Kusto Query Language (KQL), so KQL experience is directly transferable.
Required:
- Deep familiarity with XQL syntax, operators, filters, and joins:
  - Filtering and transforming data (where, extract, project, parse_json)
  - Aggregations and stats (count, avg, sum, group by)
  - Time-series functions and windowing
  - Working with nested fields (common in EDR/NDR data)
  - XQL is closely modeled on Kusto Query Language (KQL), so KQL knowledge is transferable.
Highly Recommended:
- Python - for building custom integrations, automation, or data pipelines with the Sentinel One API
Nice to Have:
- PowerShell
- JavaScript/Node.js or Bash
If you're interested in this opportunity, please send your updated resume to randheer.t@vailexa.com. We look forward to connecting with you!