What’s in it for you as an employee of QFG?
- Health & wellbeing resources and programs
- Paid vacation, personal, and sick days for work-life balance
- Competitive compensation and benefits packages
- Work-life balance in a hybrid environment with at least 3 days in office
- Career growth and development opportunities
- Opportunities to contribute to community causes
- Work with diverse team members in an inclusive and collaborative environment
We’re looking for our next Principal SIEM Engineer. Could It Be You?
Your contribution delivering sustainable and measurable results in the following areas will be very important:
Owning the health, performance, and evolution of the Elastic SIEM platform and the Kafka-based log streaming infrastructure that feeds it. You will be primarily involved in designing and maintaining the data pipeline and SIEM infrastructure that makes security operations possible. This role also includes administration of security solutions such as EDR and its policies, sensor health, WAF policies, Email Gateway and more. This is a dedicated engineering role focused on building and scaling the SIEM platform and administration of SOC tools. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as drive platform improvements and establish documentation for new tools.
Need more details? Keep reading…
You will:
- Design, deploy, and maintain security tools (SOAR, EDR, email gateway, WAF, and more).
- Design, deploy, and maintain Elastic cluster architecture (data nodes, coordinating nodes, ingest pipelines).
- Manage index lifecycle policies, data retention, hot/warm/cold tiering, and storage optimization.
- Build and maintain ingest pipelines, parsers, and log source integrations.
- Perform platform performance tuning: query optimization, shard strategy, and resource allocation.
- Develop and maintain detection-as-code CI/CD pipelines for rule deployment.
- Maintain Elastic Security dashboards, visualizations, and saved searches.
- Coordinate with stakeholders on log source onboarding.
- Design, deploy, and maintain the Kafka streaming infrastructure: topic architecture, partitioning strategy, consumer group management, and throughput optimization.
- Monitor and maintain data pipeline reliability, ensuring end-to-end log delivery from source through Kafka to Elastic with minimal latency and data loss.
- Manage Elastic upgrades, patches, and cluster health monitoring.
- Architect and maintain NXLog deployment and configuration across the environment for log collection and forwarding.
- Manage capacity planning and infrastructure scaling for the Elastic cluster and Kafka environment.
- Drive automation of routine platform operations through scripting (Python, Bash) and infrastructure-as-code practices.
- Collaborate with Security Operations and Detection Engineering teams to translate detection requirements into optimized platform capabilities.
- Mentor and develop team members in Elastic Stack administration and data pipeline engineering.
- Evaluate emerging SIEM and log management technologies and provide strategic recommendations for platform evolution.
- Define and maintain platform documentation, runbooks, and operational procedures for all SIEM and pipeline components.
- Establish and report on SIEM platform performance metrics (ingestion rates, query latency, storage efficiency, pipeline health).
- Participate in on-call rotations for SIEM, SOC tools, and data pipeline infrastructure, including outside of business hours.
So are YOU our next Principal SIEM Engineer? You are if you have…
- 5+ years of relevant experience in SIEM platform engineering, Elastic Stack administration, and data pipeline architecture in an enterprise environment.
- Experience with deployment and management of security solutions (EDR, SOAR, WAF, email gateway, and more).
- Extensive experience designing, deploying, and maintaining production Elasticsearch/OpenSearch clusters at scale.
- Deep expertise with Elastic Security, Kibana, Logstash, Beats, and Elastic Agent for security monitoring and log management.
- Proven experience designing and operating Apache Kafka infrastructure (brokers, ZooKeeper/KRaft, Connect) for high-throughput log streaming.
- Experience with NXLog deployment, configuration, and management for enterprise log collection.
- Proven track record of designing and implementing data pipeline architectures with a focus on reliability, scalability, and minimal data loss.
- Strong Linux systems administration skills and experience managing infrastructure in production environments.
- Proficiency in scripting languages (Python, Bash) for automation, tooling development, and infrastructure-as-code.
- Deep understanding of index lifecycle management, data retention strategies, and storage optimization for large-scale SIEM deployments.
- Experience with CI/CD pipelines (GitLab) for detection-as-code and infrastructure automation.
- Demonstrated experience mentoring and developing engineering skills across a platform or infrastructure team.
- Strong ability to communicate platform architecture decisions and capacity planning to technical and non-technical stakeholders.
- Experience with cloud-native infrastructure and container orchestration (GCP, AWS, Docker, Kubernetes).
Brownie points if you have...
- Elastic Certified Engineer, Elastic Certified Analyst, Confluent Certified Administrator for Apache Kafka, or similar relevant certifications
Compensation Information:
- Base salary range: $114,000 - $142,000
- The final compensation package will be commensurate with the successful candidate's experience, skills, and geographic location (Canada). It includes a comprehensive benefits plan and a competitive incentive (bonus) program for Full-Time Permanent roles.