Cribl Architect

The Cribl Architect is responsible for the end-to-end design, implementation, optimization, and operational support of Cribl Stream, Cribl Edge, and Cribl Search within enterprise logging, observability, and security ecosystems. This role serves as a technical authority and hands-on practitioner, ensuring scalable, secure, and cost-efficient telemetry pipelines while supporting business and operational objectives.

The ideal candidate has deep experience across architecture design, platform implementation, and production operations, and acts as a trusted advisor to engineering, security, and business stakeholders.

Key Responsibilities:

Architecture & Design

• Design enterprise-grade Cribl architectures (on-prem, cloud, hybrid, and containerized environments)
• Define scalable, resilient, and secure data pipeline architectures for logs, metrics, and traces
• Develop routing strategies for multi-destination outputs (Splunk, Elastic, Datadog, OpenSearch, S3, SIEMs, etc.)
• Establish high availability, load balancing, and failover strategies
• Ensure alignment with security, compliance, and data governance requirements

Implementation & Engineering

• Lead Cribl Stream, Edge, and Search implementations from design through production
• Build and maintain pipelines, packs, routing rules, and enrichment logic
• Integrate Cribl with cloud services (AWS, Azure, GCP), Kubernetes, and enterprise platforms
• Perform data filtering, masking, transformation, and normalization
• Validate architecture and implementations through testing and performance tuning

Operations & Support

• Provide production-level operational support for Cribl environments
• Monitor system health, throughput, latency, and data integrity
• Troubleshoot pipeline failures, ingestion issues, and performance bottlenecks
• Establish operational runbooks, SOPs, and alerting
• Support upgrades, patching, and platform lifecycle management

Cost Optimization & Governance

• Drive observability and SIEM cost optimization strategies
• Implement data reduction, sampling, and routing controls
• Provide usage reporting and cost-impact analysis
• Enforce governance standards across telemetry ingestion

Collaboration & Leadership

• Partner with Security, SRE, Platform, DevOps, and Application teams
• Translate business requirements into technical solutions
• Provide technical guidance and mentoring to engineers and administrators
• Communicate risks, readiness, and progress to stakeholders and leadership

Required Qualifications:

Experience

• 5+ years in logging, observability, or telemetry platforms
• 3+ years hands-on experience with Cribl Stream (Edge and Search strongly preferred)
• Proven experience with architecture design, implementation, and operations
• Experience supporting large-scale, production environments
• Strong background in Linux, networking, and distributed systems

Technical Skills

• Cribl Stream pipelines, packs, routes, and functions
• SIEM and observability platforms (Splunk, Elastic, Datadog, OpenSearch, etc.)
• Cloud platforms: AWS, Azure, and/or GCP
• Kubernetes and containerized workloads
• Infrastructure as Code (Terraform, CloudFormation preferred)
• Scripting (Python, Bash, or similar)
• REST APIs and data formats (JSON, syslog, OpenTelemetry)

Certifications (Required)

• Cribl Certified Administrator (CCA) – Required
• Cribl Certified Architect (CCA-A) – Required

Preferred / Additional Certifications

• Splunk Enterprise Certified Architect or Admin
• AWS Certified Solutions Architect (Associate or Professional)
• Azure Solutions Architect Expert
• Kubernetes (CKA or CKAD)
• ITIL Foundation or higher

Soft Skills

• Strong analytical and troubleshooting skills
• Excellent written and verbal communication
• Ability to lead technical discussions with non-technical stakeholders
• Highly organized with strong documentation habits
• Comfortable operating in fast-paced, high-impact environments

Nice-to-Have Experience

• SOC or Security Operations environments
• OpenTelemetry implementations
• Data privacy and compliance (HIPAA, PCI, SOX, GDPR)
• Consulting or MSP delivery models