Principal Splunk-Threat Detection & Integration Engineer

Quzara LLC

$120K — $150K *
US-Anywhere; Remote in United States
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in customer onboarding for SIEM, XDR, MDR, or security operations platforms
  • Hands-on expertise with Microsoft Defender XDR and Microsoft Purview
  • Experience in U.S. federal or highly regulated environments, including FedRAMP, FISMA, and CMMC
  • Strong knowledge of log ingestion and data integration from identity, endpoint, and cloud sources
  • Ability to independently create customer-facing technical documentation
  • Excellent communication skills for effective stakeholder management

Responsibilities

  • Lead customer onboarding into SIEM/XDR/MDR platforms for secure deployment
  • Configure Microsoft security services such as Defender XDR and Purview
  • Integrate various data sources (identity, endpoint, cloud) into security frameworks
  • Develop and maintain automation workflows using Azure Logic Apps or Power Automate
  • Gather customer requirements and ensure successful go-live readiness
  • Create comprehensive documentation including onboarding runbooks and data inventories
  • Support compliance by preparing necessary documentation for audits

Benefits

  • Remote work flexibility
  • Standard business hours with potential for additional hours as needed
  • Opportunity to work in highly regulated environments
  • Engagement with cross-functional teams across SOC and engineering
  • Professional growth in cybersecurity and cloud security domains

Full Job Description

Job Title: Principal Splunk-Threat Detection & Integration Engineer

Pay Type: SALARIED EXEMPT

Location: Remote

Summary of Position Role/Responsibilities

We are seeking a Customer Onboarding Engineer to lead the secure and compliant onboarding of customers into our cybersecurity platform. This role is responsible for working directly with customers, primarily in U.S. federal and highly regulated environments, to integrate data sources, configure security tooling, and ensure successful deployment aligned with compliance requirements. This position is hands-on, customer-facing, and requires strong experience with Microsoft and Azure security services, along with familiarity across other SIEM, EDR, and cloud platforms.

Essential Functions of the Job

  • Lead end-to-end customer onboarding into SIEM/XDR/MDR platforms, ensuring timely and successful delivery
  • Configure and validate Microsoft security services, including Defender XDR and Purview
  • Onboard and integrate data sources (identity, endpoint, cloud, SaaS, network logs) into security platforms
  • Build and maintain automation workflows using Azure Logic Apps, Power Automate, or similar SOAR tools
  • Work closely with customers to gather requirements, validate configurations, and support go-live readiness
  • Create and maintain customer-facing documentation, including:
    • As-Built documentation
    • Onboarding runbooks
    • Data source inventories
    • Status trackers
  • Support compliance and audit activities by preparing evidence and documentation (FedRAMP, FISMA, CMMC, etc.)
  • Collaborate cross-functionally with SOC, engineering, and compliance teams
  • Provide status updates and reporting to customers and internal stakeholders


Marginal Functions of the Job

  • Other duties as assigned


Normal Work Schedule

This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.

Education, Training, and Experience

  • Experience onboarding customers into SIEM, XDR, MDR, or security operations platforms
  • Hands-on experience with Microsoft Defender XDR and/or Microsoft Purview
  • Experience working in U.S. federal or highly regulated environments (FedRAMP, FISMA, CMMC, etc.)
  • Strong understanding of log ingestion and data integration, including identity, endpoint, and cloud logs
  • Experience creating customer-facing technical documentation
  • Ability to work independently in a customer-facing delivery role
  • Strong communication and stakeholder management skills


Preferred Qualifications

  • Microsoft & Azure
    • Microsoft Defender suite (Endpoint, Identity, Office 365, Cloud)
    • Microsoft Purview (audit logging, compliance, data governance)
    • Microsoft Sentinel (data connectors, log onboarding, validation)
    • Azure AD / Entra ID, Azure Monitor, Log Analytics
    • Experience with KQL for log analysis and troubleshooting
    • Automation using Azure Logic Apps or Power Automate
  • Other Cloud & Security Tools
    • SIEM platforms such as Splunk, QRadar, Elastic, Chronicle
    • EDR/XDR tools such as CrowdStrike, SentinelOne
    • AWS security services (e.g., CloudTrail, GuardDuty)
    • Log ingestion tools such as Syslog, Logstash, Fluentd

