Senior Engineer – SIEM Platform Engineering & Operations

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
 

Job Description:

The Senior Engineer SIEM Platform Engineering & Operations is responsible for engineering, monitoring, and optimizing the firm’s SIEM ecosystem including Splunk, Microsoft Sentinel, and associated data pipelines to ensure data quality, platform resiliency, and analytic reliability. This role enhances the security data environment, leads strategic and tactical improvements, and serves as a SIEM subject-matter expert and mentor across Cyber Security Technology teams.

Core Responsibilities

• Engineer, monitor, and maintain the operational health and resiliency of SIEM platforms including Splunk Enterprise/Cloud and Microsoft Sentinel.
• Implement SIEM platform resiliency controls including cluster monitoring, ingestion latency tracking, and workload distribution optimizations.
• Monitor, maintain, and troubleshoot the data ingestion pipeline including Kafka clusters, Cribl pipelines, Splunk Forwarders, and Sentinel connectors.
• Develop dashboards for pipeline throughput, message lag, schema drift, and end-to-end data quality validation.
• Manage and enforce data SLIs/SLOs across freshness, completeness, correctness, and availability.
• Ensure proper CIM/OCSF/CEF normalization and enrichment for all security-relevant data sources.
• Oversee the Anvilogic content management platform including rule execution health, version control, and analytics dependency monitoring.
• Develop unified observability dashboards covering SIEM platform state, ingestion health, detection pipeline execution, and analytic reliability.
• Serve as escalation point for SIEM data outages, ingestion failures, analytic misfires, and platform degradations.
• Collaborate with operational and engineering teams to design and enhance security detections, analytics, and proactive defenses.
• Write, optimize, and maintain SPL, KQL, and other query languages to support analytics, threat detection, and investigations.
• Support Model Risk Management (MRM) efforts to describe AI or ML Models in use by any of our SIEM Technologies.

Required Qualifications

• 6+ years experience in Security Operations, SIEM Engineering, Detection Engineering, Incident Response, or related enterprise disciplines.
• Hands-on experience with Splunk Enterprise/Cloud and Microsoft Sentinel in large-scale environments.
• Experience with Kafka, Cribl, Databricks, Hadoop, Python, SQL, Pandas, Spark, or similar data platforms.
• Experience mapping log sources into structured models such as CIM, OCSF, CEF.
• Ability to troubleshoot complex SIEM ingestion, data quality, and infrastructure performance issues.
• Experience with EDR, SIEM, SOAR, and other enterprise-scale cybersecurity tools.
• Ability to manage competing priorities, drive consensus, and deliver results across distributed teams.

Desired Qualifications

• Experience with offensive security tooling and integrating SIEM/SOAR/TIP platforms.
• Knowledge of data science processes and statistical methods for detection enhancement.
• Experience threat hunting or performing detection engineering in cloud environments such as Azure, AWS, or M365.
• Experience maintaining Splunk KV stores, apps, and performing regular upgrades.
• Experience building SRE-style observability and reliability patterns (SLIs, SLOs, error budgets) for cybersecurity platforms.
• Awareness of AI enabled Security Operations technologies.

Skills:

• Influence
• Result Orientation
• Solution Design
• Stakeholder Management
• Technical Strategy Development
• Access and Identity Management
• Cyber Security
• Information Systems Management
• Risk Management
• Solution Delivery Process
• Collaboration
• Critical Thinking
• DevOps Practices
• Financial Management
• Test Engineering

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Shift:

Hours Per Week: