Senior Syslog Engineer

Securonix is leading the transformation of cybersecurity by helping organizations stay ahead of modern threats. Security teams are no longer constrained by data or tools. They are constrained by speed, clarity, and confidence. Securonix was built to close that gap. Our mission is to enable security teams to decide and act faster across the entire threat lifecycle.

The Securonix Unified Defense SIEM is the industry’s first platform powered by agentic AI and designed with a human-in-the-loop philosophy. It unifies detection, investigation, and response in a single system. Advanced UEBA delivers deep behavioral insight across users, entities, and data. Native threat intelligence continuously enriches detections and investigations with real-world context. AI reinforces every layer of the platform while keeping accountability with the security team.

Built cloud-native for scale and performance, the platform enables real-time analytics, deep investigation, and automated response without compromise. Analysts gain faster access to relevant signals. Investigations move from days to minutes. Response becomes consistent and measurable. The result is a CyberOps experience that scales as threats evolve.

Securonix is recognized as a six-time Leader in the Gartner Magic Quadrant for SIEM and a Customers’ Choice on Gartner Peer Insights. The company has been featured by leading publications including WIRED, Dark Reading, and Fortune for its innovation and leadership in security operations. Organizations rely on the platform for always-available data, rapid search and investigation, continuously updated threat content, and a fully integrated Threat Detection, Investigation, and Response experience.

Backed by Vista Equity Partners, one of the world’s leading enterprise software investors, Securonix benefits from deep operational expertise and a long-term commitment to innovation and growth. This partnership strengthens our ability to scale the platform, accelerate product execution, and support customers as their security needs evolve.

With more than 1,000 customers worldwide, including a meaningful portion of the Fortune 100, Securonix operates at global scale. Our ecosystem of partners and managed security service providers extends that reach, helping organizations deploy and operate with confidence wherever they do business. What drives us is how we work.

• We win as one team. We operate with trust, respect, and shared accountability.
• We are customer driven. Innovation is guided by real security challenges and measurable outcomes.
• We act with agility. Change is constant, and we stay aligned on purpose while adapting fast.

That focus is how Securonix helps organizations move from reactive security to proactive, autonomous operations.

About the Role:

We are looking for a highly experienced SIEM / Syslog Expert with deep hands-on expertise in syslog-ng , log ingestion pipelines, and large-scale event processing. This role requires strong understanding of syslog internals, filtering strategies, performance tuning, and reliability engineering to build efficient, scalable, and foolproof log ingestion systems.

You will play a key role in designing and optimizing high-throughput syslog pipelines handling thousands of events per second, ensuring accuracy, efficiency, and resilience.

Key Responsibilities:

• Design, implement, and optimize syslog-ng configurations for high-volume log ingestion environments.

• Develop and maintain complex filtering logic to ensure accurate routing, normalization, and noise reduction of logs.

• Analyze and improve log pipeline performance (CPU, memory, latency, throughput) .

• Build efficient, scalable, and fault-tolerant syslog architectures .

• Troubleshoot issues related to:

o High CPU/memory usage o Message drops / backpressure

o Ordering and duplication issues o Network/TCP/TLS ingestion problems

• Optimize buffering, batching, and flow control mechanisms in syslog-ng.

• Work closely with SIEM platforms (e.g.Securonix, Splunk, ELK) to ensure seamless ingestion.

• Ensure log integrity, reliability, and completeness across the pipeline.

• Implement best practices for:

o Log parsing (RFC3164, RFC5424)

o Structured vs unstructured logs

o Secure syslog (TLS)

• Perform capacity planning and load testing for syslog pipelines.

• Create test frameworks to validate syslog filters and configurations.

• Document standards, guidelines, and reusable configurations.

Required Skills & Expertise:

Core Skills

• Deep expertise in syslog-ng (mandatory)

• Strong understanding of syslog protocol internals

o RFC3164, RFC5424

o TCP/UDP/TLS behavior

• Expertise in designing syslog filters and routing logic

• Strong experience with log parsing, pattern matching, and regex optimization

Performance & Reliability

• Experience tuning:

o log-iw-size, log-fifo-size

o flush_lines, so_rcvbuf

o disk-buffer and memory management

• Understanding of backpressure, buffering, and flow control

• Experience handling high EPS (10K–100K+) environments

Troubleshooting

• Ability to debug:

o Message loss

o Duplicate events

o Out-of-order processing

o High CPU/memory usage

• Strong Linux debugging skills:

o tcpdump, netstat, ss, top, strace

SIEM & Data Pipelines

• Experience with one or more:

o Splunk / ELK / QRadar

• Understanding of log ingestion pipelines (Kafka, Spark, etc.)

• Knowledge of data enrichment and normalization

Good to Have:

• Experience with Kafka-based ingestion pipelines

• Knowledge of distributed systems and streaming architectures

• Experience with cloud environments (AWS)

• Familiarity with security logs (firewalls, IAM, endpoint, network devices)

What We’re Looking For:

• Someone who can look at a syslog-ng config and immediately identify inefficiencies

• Deep understanding of how filters impact performance and correctness

• Ability to design clean, maintainable, and scalable configurations

• Strong ownership mindset and problem-solving skills

• Ability to make systems efficient, resilient, and foolproof

Key Outcomes Expected:

• Reduced log ingestion latency and resource usage

• Optimized filtering with minimal false positives/negatives

• Stable, scalable syslog pipelines under high load

• Zero/near-zero log loss

• Well-documented and maintainable configurations

Securonix, Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training.

Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated.