Cribl Engineer (Expert)Location: Reston, VA- College Park, MD- JBAB, DC
Required Clearance: TS/SCI with Polygraph
Employment Type: Full-Time Regular
Shift: Day
Travel: Limited
Relocation Assistance: Yes
Position OverviewEnnoble First is seeking an Expert Cribl Engineer to serve as the principal technical authority for enterprise observability pipelines built on Cribl Stream and Cribl Edge. This role is responsible for architecting, optimizing, and securing large-scale telemetry and logging infrastructures supporting mission-critical environments.
The ideal candidate is a senior technologist with deep expertise in observability engineering, SIEM integration, telemetry pipeline architecture, and large-scale data engineering. You will drive platform strategy, establish engineering standards, mentor technical teams, and serve as the highest-level escalation point for Cribl-related challenges across the enterprise.
Primary Responsibilities- Lead architecture, design, and implementation of Cribl Stream and Cribl Edge deployments across multiple enclaves and data domains.
- Design and maintain high-throughput observability pipelines supporting multi-terabyte-per-day telemetry environments.
- Develop advanced routing, filtering, enrichment, replay, and transformation workflows to support operational and analytic requirements.
- Optimize platform performance through tuning of worker groups, topology design, queue management, transport mechanisms, and resource utilization.
- Engineer secure data flows utilizing encryption, masking, tokenization, RBAC, PKI/TLS, and governance controls.
- Integrate Cribl pipelines with enterprise SIEM, analytics, cloud, and telemetry platforms including Splunk, Elastic, Kafka, and cloud-native services.
- Develop and maintain high availability, disaster recovery, monitoring, and operational resilience strategies.
- Create reusable Cribl Packs, standardized pipeline patterns, engineering documentation, and operational runbooks.
- Serve as the senior technical escalation point for Cribl-related issues and coordinate directly with vendor engineering teams as required.
- Conduct architecture reviews, establish technical standards, and mentor engineers across the organization.
- Partner with security, cloud, analytics, infrastructure, and operations teams to define enterprise logging and telemetry strategies.
- Support continuous improvement initiatives focused on observability maturity, performance optimization, and operational excellence.
Required Qualifications- Active TS/SCI clearance with Polygraph.
- Bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field and 10+ years of relevant experience. Additional experience may be considered in lieu of a degree.
- 10+ years of experience supporting logging, observability, SIEM, or telemetry engineering environments.
- 5+ years designing, architecting, and operating enterprise-scale log and telemetry pipelines.
- 3+ years of hands-on experience with Cribl Stream and Cribl Edge in production environments.
- Demonstrated experience operating and scaling telemetry environments supporting 5-10+ TB/day of data ingestion.
- Expert-level knowledge of Splunk architecture, forwarding, ingestion pipelines, source type management, and indexing strategies.
- Strong Linux administration and troubleshooting experience.
- Experience with Python, Bash, Git, and automation tools such as Ansible and Terraform.
- Strong understanding of HTTP, TCP, TLS/mTLS, Kafka, S3, and other data transport and storage technologies.
- Experience designing secure data architectures utilizing encryption, RBAC, secrets management, and compliance controls.
- Demonstrated ability to lead technical teams, mentor engineers, and drive architectural decision-making.
- Cribl Certified Engineer (CCOE) certification or equivalent demonstrated expertise.
- Must possess the following DoD 8570.01-M certifications or be willing to obtain within 30 days of hire:
- Information Assurance Technician (IAT) Level II certification (currently Security+ CE, CCNA Security, GSEC, SSCP, CySA+, GICSP, or CND).
- Information Assurance Technician (IAT) Level III certification requirements (currently CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, or GCIH).
- Cyber Security Service Provider (CSSP) - Infrastructure Support certification requirements (currently CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND).
Preferred Qualifications- Expertise developing and maintaining Cribl Packs and reusable pipeline frameworks.
- Experience supporting AWS, Azure, hybrid cloud, or multi-cloud telemetry architectures.
- Experience supporting cross-domain solutions and secure data movement architectures.
- Familiarity with NIST, CIS, and other cybersecurity control frameworks.
- Experience building observability frameworks for large-scale distributed systems.
- Experience working directly with Cribl Professional Services, product teams, or vendor escalation channels.
- Experience supporting Intelligence Community, DoD, or National Security mission environments.
Pay Range$160,000-$200,000The Ennoble First pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
