Customer SIEM Engineer

Who We Are 

Gravwell is a full-stack security and observability platform built for people who need answers from their data—fast. Whether you're hunting threats, investigating incidents, or validating system health, Gravwell gives you the tools and performance to stay ahead. We're on a mission to simplify the SIEM experience without sacrificing power or flexibility.

About the Role 

Gravwell is seeking a highly technical Customer SIEM Engineer to facilitate our Mission Support and onboarding efforts. While the Sales Engineers win the heart of the customer, you are the one who makes the platform fly. You will take the baton from the pre-sales team to lead customers through deployment, configuration, and long-term technical success. As a bridge between sales and engineering, you’ll ensure that every Gravwell instance is tuned for maximum visibility and elite performance.

What You'll Do 

You’ll live at the heart of our customers' infrastructure. Your job is to transform raw data into actionable intelligence. You will lead the "Mission Support" process—onboarding new customers by architecting their data pipelines, hardening their Linux-based deployments, and building the detection logic they need to sleep at night. You aren't just a support tech; you are a detection engineer and a systems architect who ensures Gravwell scales with the customer's mission.

Your Responsibilities

• Lead the Onboarding Journey: Take full technical ownership of the customer relationship immediately following the sale, moving them from initial setup to a fully operational production environment.
• Architect Data Pipelines: Design and implement complex data ingestion strategies using Gravwell Ingesters, focusing on efficient normalization and parsing.
• Detection Engineering: Collaborate with customer security teams to build, test, and deploy advanced queries and alerting logic to identify threats and system anomalies.
• Systems Engineering: Provide expert-level guidance on Linux system tuning, storage optimization, and resource management to ensure Gravwell clusters perform at peak efficiency.
• Mission Support: Act as the primary technical point of contact for complex troubleshooting, helping customers navigate deep-tier technical hurdles in their environments.
• Develop Technical Tooling: Write custom shell scripts, utilities, and automation workflows to streamline deployment and data manipulation tasks.
• Feedback Loop: Act as a conduit between the customer and our core Engineering team, translating real-world usage challenges into prioritized product features.

What We're Looking For

• 3–5+ years in a highly technical role such as Security Engineer, SIEM Administrator, or Site Reliability Engineer (SRE).
• Linux Power User: You should be comfortable living in the terminal. Deep knowledge of Linux internals, file systems, and performance tuning is a must.
• Scripting & Automation: Proficiency in Shell scripting, Python, or Powershell for system management and tasks.
• Detection Mindset: Strong understanding of security frameworks (MITRE ATT&CK) and the ability to translate TTPs into functional search queries and alerts.
• Log Mastery: Experience with regex, JSON manipulation, and structured/unstructured data normalization.
• SIEM Expertise: Hands-on experience managing or deploying enterprise-grade platforms (e.g., Splunk, Elastic, QRadar, or specialized syslog-ng/fluentd architectures).
• Project Leadership: Ability to manage an onboarding timeline and guide multiple stakeholders through a technical mission.

Nice to Have

• Experience with various virtualization and storage architectures.
• Knowledge of network protocols (PCAP analysis, Netflow, IPFIX).
• Certifications in Security (GCIA, GCIH, OSCP) or Linux (RHCSA/RHCE).

Why Gravwell?

• Work where your impact is direct, visible, and appreciated.
• Full autonomy and trust to solve problems that we may not have known we had.
• Flexible remote work setup with a strong support culture.
• Access to mission-critical projects and real-world security data.
• Help build a better analytics experience.

Compensation

• Base Compensation Range: $120,000 - $210,000

Don’t meet every single requirement?

That’s okay. We believe great teammates can learn new skills. If you have a passion for the command line and a knack for finding the "needle in the haystack," we want to talk to you. Gravwell is built by people who love solving problems together.

Remote Position (United States)

Gravwell provides our employees with the flexibility to be creative and successful no matter where they are located. We have a flexible approach to work, meaning you can work from home, regardless of where you live within the United States.