GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.
About GuidePoint Security
GuidePoint Security is a leading cybersecurity solutions and services firm enabling federal government organizations to make smarter security decisions that minimize risk. With more than 800 vetted technology vendor partnerships and deep practitioner expertise across every major cybersecurity domain, GuidePoint serves more than half of the U.S. Government’s cabinet-level agencies across Civilian, DoD, and Intelligence Community segments, as well as Federal System Integrators and major defense prime contractors. We are growing our federal presales engineering team and looking for technically exceptional engineers who thrive at the intersection of federal mission and cybersecurity technology.
We are seeking a highly experienced Cribl Engineer to serve as the principal technical authority for observability pipelines built on Cribl Stream and Cribl Edge. This role is designed for a senior technologist with deep expertise in log/telemetry routing, large scale data engineering, and enterprise-grade observability architectures. You will shape pipeline strategy, design complex routing and transformation logic, drive platform reliability, mentor senior engineers, and serve as the top technical escalation point for Cribl related challenges.
Key Responsibilities
- Lead architecture and design for Cribl Stream/Edge across multiple enclaves and data domains.
- Build high throughput pipelines (multiTB/day) with advanced routing, filtering, enrichment, and replay workflows.
- Optimize system performance, worker topology, CPU/memory distribution, queues, and transport mechanisms.
- Engineer secure data flows with masking, tokenization, RBAC, PKI/TLS, and other governance controls.
- Integrate pipelines with SIEM/analytics ecosystems (Splunk, Elastic, SaaS telemetry platforms, cloud services).
- Develop HA/DR patterns, reliability frameworks, fleet health metrics, and failure mode response processes.
- Maintain reusable Cribl packs, shared patterns, runbooks, and operational standards.
- Serve as the senior escalation point for Cribl issues; interface with vendor engineering as required.
- Mentor engineers, conduct design reviews, drive engineering excellence, and enforce architectural standards.
- Support cross functional teams (security, cloud, analytics, infrastructure) on logging and telemetry strategy.
Requirements
- Must possess a TS/SCI w/Poly (CI or FS)
- 10+ years of experience in logging, observability, or SIEM engineering.
- 5+ years architecting enterprise scale log/telemetry pipelines.
- 3+ years hands-on with Cribl Stream and Cribl Edge in production environments.
- Demonstrated success operating and scaling pipelines at 5–10+ TB/day.
- Expert-level experience with Splunk forwarding/ingestion, source type management, and indexing practices.
- Strong Linux fundamentals; scripting expertise (Python/Bash); Git; automation (Ansible/Terraform).
- Strong understanding of transport protocols (HTTP, TCP, TLS/MTLS), Kafka, S3/object storage.
- Experience designing secure data flows, including encryption, RBAC, secrets management, and compliance controls.
- Demonstrated ability to mentor senior engineers and lead technical decision making.
- Certified Cribl Certified Engineer (CCOE) or equivalent Cribl product expertise.
- Must possess the following DoD 8570.01-M certifications or be willing to obtain within 30 days of hire:
- Information Assurance Technician (IAT) Level II certification (currently Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND).
- IAT Level III certification requirements (currently CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, or GCIH).
- Cyber Security Service Provider (CSSP) - Infrastructure Support (IS) certification requirements (currently CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND).
Preferred Qualifications
- Expertise creating and maintaining Cribl Packs and reusable pipelines.
- Experience with cloud telemetry (AWS, Azure, hybrid) and cross domain data movement patterns.
- Familiarity with NIST / CIS control frameworks and secure engineering practices.
- Experience building observability frameworks for large distributed systems.
- Vendor engagement experience (Cribl PS, product teams, troubleshooting escalations).
“Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.”
We use Greenhouse Software as our applicant tracking system and Zoom Scheduler for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don't miss updates on your application.
Why GuidePoint?
GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 1,200 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 6,200 customers.
Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.
This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.
Some added perks….
- Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
- Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
- Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
- 12 corporate holidays and a Flexible Time Off (FTO) program
- Healthy mobile phone and home internet allowance
- Eligibility for retirement plan after 2 months at open enrollment
- Pet Benefit Option
Skills Required
- Must possess a TS/SCI w/Poly (CI or FS)
- 10+ years of experience in logging, observability, or SIEM engineering
- 5+ years architecting enterprise scale log/telemetry pipelines
- 3+ years hands-on with Cribl Stream and Cribl Edge in production
- Demonstrated success operating and scaling pipelines at 5-10+ TB/day
- Expert-level experience with Splunk forwarding/ingestion, sourcetype management, and indexing practices
- Strong Linux fundamentals; scripting expertise (Python, Bash); Git; automation (Ansible, Terraform)
- Strong understanding of transport protocols (HTTP, TCP, TLS/MTLS), Kafka, S3/object storage
- Experience designing secure data flows including masking, tokenization, encryption, RBAC, PKI/TLS, secrets management, and compliance controls
- Demonstrated ability to mentor senior engineers and lead technical decision making
- Certified Cribl Certified Engineer (CCOE) or equivalent Cribl product expertise
- DoD 8570.01-M certifications (IAT Level II, IAT Level III, and CSSP-IS) or willing to obtain within 30 days
- Vendor escalation and engagement experience with Cribl product teams (as needed)
- Expertise creating and maintaining Cribl Packs and reusable pipelines
- Experience with cloud telemetry (AWS, Azure, hybrid) and cross-domain data movement
- Familiarity with NIST / CIS control frameworks and secure engineering practices
- Experience building observability frameworks for large distributed systems
GuidePoint Security Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about GuidePoint Security and has not been reviewed or approved by GuidePoint Security.
-
Healthcare Strength — Company materials highlight fully covered employee premiums on a base medical plan, options including PPO and HSA, employer HSA contributions, and access to an EAP. These elements materially enhance the overall value of compensation for individuals.
-
Flexible Benefits — A remote‑first model with telework/flex‑time and monthly phone/home‑internet stipends is emphasized. This flexibility and stipending increase the attractiveness of the total rewards across many roles.
-
Leave & Time Off Breadth — Flexible Time Off, company holidays, and parental and other protected leaves are outlined in ESG materials and job postings. Such breadth supports work‑life balance and complements cash compensation.
GuidePoint Security Insights
What We Do
GuidePoint Security is an elite team of highly trained, top certified experts who cut through cyber chaos and confusion to put control back in your hands. We help you make the smartest, most informed decisions, choose and integrate products and services that are the best fit, and build the most effective cybersecurity posture. We provide organizations with holistic perspective on their cyber ecosystem to minimize gaps, vulnerabilities, and optimize resources, including: 1. Understanding the changing threat landscape, vulnerabilities, and gaps 2. New insights of how product decisions align with resource capacity 3. Insightful product comparisons and integration to save time, money, and mistakes
