Job Posting Title:
Cybersecurity SIEM Operations Engineer
-
Hiring Department:
Information Security Office
-
Position Open To:
All Applicants
-
Weekly Scheduled Hours:
40
-
FLSA Status:
Exempt
-
Earliest Start Date:
Immediately
-
Position Duration:
Expected to Continue Until Aug 31, 2027
-
Location:
AUSTIN, TX
-
Job Details:
General Notes
This position is 100% remote.
The Information Security Office (ISO) assures the security of the university's Information Technology (IT) resources and the existence of a safe computing environment in which the university community can teach, learn, and conduct research. The ISO collaborates with campus IT leaders and university audit, compliance, and legal units to support the university's teaching, research, and public service missions. For more information on the Information Security Office please visit:
Do you get a rush from chasing down the source of a mystery alert? Are you the sort of person who can't sleep until you understand exactly why something happened? Is your idea of a good time spinning up scripts, building dashboards, or automating away repetitive tasks—just because you can? Do you crave a front-row seat to the high-stakes, fast-evolving universe of cybersecurity, where today’s logs are tomorrow’s headlines?
We’re seeking a SIEM-savvy technologist with a passion for wrangling data at scale, automating the un-automatable, and spotting the faint signals that others might miss. Here, you’ll work with a close-knit, collaborative team of analysts and engineers who believe the only dumb question is the one you didn’t ask. You'll experiment with new tools, tune Splunk to perfection, and use your skills to help us see patterns before problems happen—all while enjoying the flexibility of remote work.
If the phrase "regex wrangler" gives you a thrill, if you’ve ever had an argument with your load balancer (and won), or if your first instinct when faced with a new technology is to dig into the docs and automate all the things—we want to talk to you.
You’ll get to:
- Shape the way our world-class Information Security Office ingests, transforms, and interprets terabytes of event data.
- Design and refine automations that make security at scale not just possible, but delightful.
- Collaborate with a range of engineers, from sysadmins to software devs, building better pipelines and bringing in the best new data sources.
- See your work directly influence the security posture of a major research university.
- Enjoy a supportive environment where technical curiosity is celebrated, continuous learning is part of the job, and “weird log of the week” is a real thing.
- Work remotely and enjoy true flexibility while making a real impact.
-
If you thrive on challenge, have strong opinions about configuration management (and aren’t afraid to share them), and want to build the next generation of security monitoring—while having fun and making a difference from the comfort of your own space—we’d love to meet you.
-
This position requires you to maintain Internet service and a mobile phone with voice and data plans to be used when required for work.
Your skills will make a difference.
You’ll be working for a university that is internationally recognized for our academic programs and research. Your work will contribute to operational excellence and enhance the student experience. If you’re the type of person that wants to know your work has meaning and impact, you’ll like working in our department and for UT Austin. UT Austin provides an outstanding benefits package including but not limited to:
- Competitive health benefits (employee premiums covered at 100%, family premiums at 50%)
- Voluntary Vision, Dental, Life, and Disability insurance options
- Generous paid vacation, sick time, and holidays
- Teacher Retirement System of Texas, a defined benefit retirement plan, with employer matching funds
- Additional Voluntary Retirement Programs: Tax Sheltered Annuity 403(b) and a Deferred Compensation program 457(b)
- Flexible spending account options for medical and childcare expenses
- Robust free training access through LinkedIn Learning plus professional conference opportunities
- Tuition Assistance
- Expansive employee discount program including athletic tickets
- Free access to UT Austin's libraries and museums with staff ID card
- Free rides on all UT Shuttle and Austin CapMetro buses with staff ID card
Must be authorized to work in the United States on a full-time basis for any employer without sponsorship.
This position is funded by a grant from the State of Texas to support the UT Regional Security Operations Center. Continued funding beyond the term of the grant is expected but is not guaranteed beyond 8/31/2027.
Purpose
The Cybersecurity SIEM Operations Engineer will collaborate with a small team of engineers to design, build, and administer Splunk infrastructure in an on-premise environment with the UT Austin Information Security Office (UTISO).
Responsibilities
- Collaborate with a small team of engineers to design, build, and administer Splunk infrastructure in an on-premise environment.
- Work with existing and custom Splunk applications and add-ons to fulfill customer needs.
- Provide overall engineering and design support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles.
- Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from various sources.
- Normalize data to ensure CIM compliance, and develop data models to accelerate queries, dashboards, and correlation searches.
- Develop and manage comprehensive documentation, artifacts, procedures, and processes for the optimal management of the Splunk infrastructure.
- Implement Cribl-based data pipeline solutions to optimize data collection and processing.
- Manage multiple assignments, changing priorities, and work independently with little oversight.
- Conduct periodic architectural reviews of Splunk and related systems to assess effectiveness and propose optimal installation alternatives as required.
- Other related functions as assigned.
Required Qualifications
- U.S. Citizen, resident, or officially recognized asylee - Applicant selected will be subject to government security investigation and must meet eligibility requirements for access to classified information at the level appropriate to the project requirements of the position.
- A minimum of fifteen (15) years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in Cybersecurity.
- At least ten (10) years of experience with Linux system administration (Red Hat Enterprise Linux required; experience with Debian/Ubuntu is a strong plus).
- Demonstrated proficiency managing systems at scale using Puppet and/or Ansible (automation and configuration management are required skills).
- Experience administering Splunk in large-scale environments (multi-site or multi-cluster environments are a significant plus).
- Excellent written and oral communication skills, with the ability to work closely with multiple groups, manage expectations, and track engagement scope.
- Strong experience in general networking and security troubleshooting (firewalls, routing, NAT, etc.).
- Experience collaborating with separate engineering teams to configure and integrate new data sources.
- Proficiency in regular expressions.
- Demonstrated experience in onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources.
Relevant education and experience may be substituted as appropriate.
Preferred Qualifications
- Splunk Enterprise Certified Architect certification.
- Strong proficiency with Cribl.
- Experience administering Splunk for multi-site, multi-cluster configurations.
- Experience with Debian or Ubuntu Linux distributions.
- Experience developing log ingestion and aggregation strategies.
- Experience with API integrations for system automation and data ingestion.
Salary Range
$130,000 + depending on qualifications
Working Conditions
- May work around standard office conditions
- Repetitive use of a keyboard at a workstation
Required Materials
- Resume/CV
- 3 work references with their contact information; at least one reference should be from a supervisor
- Letter of interest
Important for applicants who are NOT current university employees or contingent workers: You will be prompted to submit your resume the first time you apply, then you will be provided an option to upload a new Resume for subsequent applications. Any additional Required Materials (letter of interest, references, etc.) will be uploaded in the Application Questions section; you will be able to multi-select additional files. Before submitting your online job application, ensure that ALL Required Materials have been uploaded. Once your job application has been submitted, you cannot make changes.
Important for Current university employees and contingent workers: As a current university employee or contingent worker, you MUST apply within Workday by searching for Find UT Jobs. If you are a current University employee, log in to Workday, navigate to your Worker Profile, click the Career link in the left-hand navigation menu and then update the sections in your Professional Profile before you apply. This information will be pulled in to your application. The application is one page and you will be prompted to upload your resume. In addition, you must respond to the application questions presented to upload any additional Required Materials (letter of interest, references, etc.) that were noted above.
-
Employment Eligibility:
Regular staff who have been employed in their current position for the last six continuous months are eligible for openings being recruited for through University-Wide or Open Recruiting, to include both promotional opportunities and lateral transfers. Staff who are promotion/transfer eligible may apply for positions without supervisor approval.
-
Retirement Plan Eligibility:
The retirement plan for this position is Teacher Retirement System of Texas (TRS), subject to the position being at least 20 hours per week and at least 135 days in length.
-
Background Checks:
A criminal history background check will be required for finalist(s) under consideration for this position.
-
Equal Opportunity Employer:
The University of Texas at Austin, as an equal opportunity/affirmative action employer, complies with all applicable federal and state laws regarding nondiscrimination and affirmative action. The University is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, or veteran status in employment, educational programs and activities, and admissions.
-
Pay Transparency:
The University of Texas at Austin will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.
-
Employment Eligibility Verification:
If hired, you will be required to complete the federal Employment Eligibility Verification I-9 form. You will be required to present acceptable and original documents to prove your identity and authorization to work in the United States. Documents need to be presented no later than the third day of employment. Failure to do so will result in loss of employment at the university.
-
E-Verify:
The University of Texas at Austin uses E-Verify to check the work authorization of all new hires effective May 2015. The university’s company ID number for purposes of E-Verify is 854197. For more information about E-Verify, please see the following:
E-Verify Poster (English and Spanish) [PDF]
Right to Work Poster (English) [PDF]
Right to Work Poster (Spanish) [PDF]
-
Compliance:
Employees may be required to report violations of law under Title IX and the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (Clery Act). If this position is identified as a Campus Security Authority (Clery Act), you will be notified and provided resources for reporting. Responsible employees under Title IX are defined and outlined in HOP-3031.
The Clery Act requires all prospective employees be notified of the availability of the Annual Security and Fire Safety report. You may access the most recent report here or obtain a copy at University Compliance Services, 1616 Guadalupe Street, UTA 2.206, Austin, Texas 78701.