Principal Architect, SIEM Engineer
ROH Asurion Hong Kong Limited · BGC – Taguig
About The Role
The Principal Architect, SIEM Architecture & Engineering within the Cyber
Command Center (C3) serves as the highest-level technical authority for
enterprise Security Information & Event Management, data ingestion, and cloud
security telemetry at Asurion. This individual operates at the intersection of deep technical expertise and platform-level direction-setting, partnering directly with the Senior Manager of SIEM Architecture and Engineering to define and drive the technical roadmap for Asurion's SIEM and data pipeline platforms.
This is not a supporting role, the Principal SIEM Architect serves as the Senior
Manager's primary technical partner, driving technical recommendations and
platform execution that inform decisions and outcomes of the SIEM engineering function. This individual is expected to set the technical standard for the team, make independent architectural decisions, and be accountable for the health, scalability, and evolution of the platforms under their ownership. Position Summary:
- The Principal Architect, SIEM Architecture & Engineering within the Cyber
- Command Center (C3) serves as the highest-level technical authority for enterprise Security Information & Event Management, data ingestion, and cloud security telemetry at Asurion. This individual operates at the intersection of deep technical expertise and platform-level direction-setting, partnering directly with the Senior Manager of SIEM Architecture and Engineering to define and drive the technical roadmap for Asurion's SIEM and data pipeline platforms.
- This is not a supporting role — the Principal SIEM Architect serves as the Senior
- Manager's primary technical partner, driving technical recommendations and platform execution that inform decisions and outcomes of the SIEM engineering function. This individual is expected to set the technical standard for the team, make independent architectural decisions, and be accountable for the health, scalability, and evolution of the platforms under their ownership.
This role places a mandatory and primary focus on three core platforms
- Splunk Cloud – Enterprise SIEM platform; deep, proven expertise is
- required, not preferred
- Amazon Web Services (AWS) – Cloud infrastructure supporting security
- data pipelines and SIEM operations
- Cribl – Enterprise data ingestion, routing, and pipeline management
About the Role
The Principal SIEM Architect will shape and implement the long-term technical
strategy in partnership with the Senior Manager for how Asurion collects, routes, normalizes, stores, and operationalizes security-relevant data at a global scale. This individual will work in close partnership with the Senior Manager of Cyber Command Center to support platform roadmap planning, drive platform maturity, and ensure the SIEM ecosystem evolves ahead of the threat landscape and business needs.
Where a Level 4 engineer executes within a defined direction, the Principal
Architect drives the technical recommendations that inform platform direction.
This individual is expected to
- Own the architectural decisions for the SIEM and data ingestion ecosystem
- Set the technical standard and engineering practices for the SIEM
- engineering team
- Lead without being asked — proactively identifying gaps, risks, and
- opportunities before they become problems
- Represent the SIEM program in conversations with vendors and cross-functional technical partners
- Be the final technical escalation point for the most complex platform and detection challenges
- The ideal candidate has a demonstrated history of not just building and maintaining enterprise SIEM platforms, but transforming them bringing structure, strategy, and innovation to environments that require both deep
technical skill and forward-thinking leadership.
Key Ownership Areas
Splunk Cloud (Required — Non-Negotiable)
- Own the enterprise Splunk Cloud architecture, platform health, and long-term platform evolution
- Make final architectural decisions on platform configuration, data models, indexing strategy, and content development standards
- Define and enforce engineering standards for correlation searches, dashboards, reports, field extractions, and CIM compliance across the team
- Drive the Splunk Enterprise Security (ES) program forward, including use
- case maturity, content lifecycle management, and detection coverage
- mapping
- Serve as Asurion's primary technical point of contact with Splunk for escalations and technical roadmap discussions
- Required: Proven, hands-on Splunk expertise is mandatory for this role.
- Comparable SIEM experience alone will not satisfy this requirement at the Principal level
Amazon Web Services (AWS)
- Own the AWS architecture strategy supporting security data pipelines and SIEM operations
- Make authoritative decisions on the design and implementation of AWS services (S3, Kinesis, Lambda, CloudWatch, IAM, Security Hub, etc.) as they relate to the security data ecosystem
- Drive cloud-native log source integration strategy, ensuring scalability, reliability, and cost efficiency
- Serve as the senior technical partner to Cloud and Infrastructure teams on matters of security telemetry and data pipeline design
- Contribute to AWS cost optimization efforts for security data storage, processing, and pipeline operations
- Define standards for how cloud environments (AWS, Azure, GCP) are instrumented and monitored from a security telemetry perspective
- Cribl (Data Ingestion)
- Own the enterprise Cribl architecture, deployment strategy, and platform governance
- Define and maintain standards for pipeline design, data routing logic, and enrichment strategies
- Make architectural decisions on data reduction, noise filtering, and licensing cost management
- Set the organizational standard for how new data sources are evaluated, onboarded, and maintained through the Cribl pipeline rive the long-term technical vision for how Cribl fits within the broader security data ecosystem alongside Splunk Cloud and AWS
Strategic Responsibilities (Platform & Technical Level)
- Partner with the Senior Manager, Cyber Command Center to inform and support a rolling SIEM platform roadmap aligned to organizational security goals and the evolving threat landscape
- Contribute to SIEM program KPIs and maturity metrics; provide findings and technical recommendations to the Senior Manager for leadership reporting
- Own the technical standards for Information Security Data Retention across cloud and on-premise environments, ensuring alignment with compliance, legal, and operational requirements
- Support vendor relationships for SIEM and data ingestion tooling at the technical level — including technical escalation management and product roadmap input
- Identify and communicate technical risk associated with the SIEM platforms; make recommendations to treat risk appropriately
- Lead evaluation of emerging technologies and platforms that could enhance or evolve the SIEM and data ingestion ecosystem
Team Leadership Responsibilities
- Set the technical direction and engineering standards for the SIEM engineering team
- Serve as the final escalation point for complex platform, detection, and pipeline challenges that cannot be resolved at the L3 or L4 level
- Actively develop the skills and capabilities of the SIEM engineering team through mentorship, knowledge sharing, and structured growth planning
- Partner with the Senior Manager to define hiring criteria and conduct technical interviews
- Drive a culture of engineering excellence, documentation, and continuous
- improvement within the team
- Lead post-incident and post-project reviews to capture lessons learned and drive platform and process improvements
Additional Responsibilities
- Perform analysis and provide architectural guidance in response to complex security-relevant events and incidents
- Collect, assess, and operationalize relevant threat intelligence to inform
- detection strategy and platform configuration
- Lead execution of remediation plans for gaps identified in audits or
- architecture reviews that affect the SIEM program
- Drive automation initiatives that improve the efficiency and effectiveness of the SIEM engineering function
- Maintain deep awareness of emerging security practices, attacker TTPs, and industry trends; translate that awareness into actionable platform improvements
- Perform other duties as assigned in support of broader Security & Risk program efforts
Requirements
Education
- BA or BS in Computer Science, Management Information Systems,
- Engineering, or a related field required; significant practical experience combined with certifications may be considered in lieu of degree
- MS in Computer Science, Information Systems, Engineering, or a related field, strongly preferred
Experience
- 10+ years of progressive experience in computing and information security, with a clear trajectory toward senior technical leadership
- 7+ years of deep, hands-on experience with Splunk, including Splunk
- Cloud architecture, administration, content development, and platform optimization. This is a hard requirement. Candidates without documented Splunk expertise will not meet the bar for this role.
- 5+ years of demonstrated experience architecting and managing security data pipelines within AWS, including S3, Kinesis, Lambda, CloudWatch, IAM, and related services
- 3+ years of hands-on experience with Cribl in an enterprise environment, including pipeline architecture, data routing, and optimization
- Documented history of deep technical platform ownership and contribution to program direction — candidates must be able to demonstrate that they have owned, shaped, and driven the direction of an enterprise SIEM program, not simply supported one.
- Proven experience partnering with senior leadership to contribute to and execute multi-year technical roadmaps
- Experience with additional SIEM platforms (ArcSight, QRadar, ELK, Sentinel, etc.) considered complementary but does not substitute for required Splunk expertise
- Documented understanding of core network protocols (TCP/IP, ICMP, DHCP,
- DNS, etc.)
- Proficiency in one or more programming and scripting languages (Python,
- PowerShell, Bash, etc.) with the ability to drive automation initiatives
- Deep knowledge within Linux environments, including configuration management and application administration
Certifications (Required or Strongly Desired)
- Certification Expectation
- Splunk Certified Architect Strongly Required
- Splunk Enterprise Security Certified Admin Strongly Required
- Splunk Certified Administrator Required
- AWS Certified Security – Specialty Strongly Desired
- AWS Certified Solutions Architect (Associate or Professional) Strongly Desired
- Cribl Certifications Desired where applicable
Skills & Competencies
- Technical Authority — Recognized by peers and leadership as the definitive technical expert in the SIEM and security data engineeringdomain
- Strategic Thinking — Demonstrated ability to think beyond the immediate problem and shape direction over a multi-year horizon
- Technical Judgment — providing well-reasoned technical recommendations that enable sound architectural and platform decisions
- Stakeholder Communication — Ability to distill complex technical concepts into clear, compelling narratives for senior leadership and non- technical stakeholders
- Leadership Without Authority — Proven ability to influence peers, cross- functional partners, and vendors without direct management authority
- Mentorship & Team Development — Track record of elevating the technical capabilities of the teams around them
- Operational Resilience — Ability to operate effectively under ambiguous circumstances, prioritize competing demands, and make sound decisions in high-pressure situations
Additional Information
This position requires some weekend and evening assignments as well as
availability during off-hours for participation in scheduled and unscheduled
activities. Given the scope and ownership expectations of this role, the Principal SIEM Architect is expected to maintain awareness of platform health and program status beyond standard business hours.
This listing was posted by a verified recruiter at ROH Asurion Hong Kong Limited. Report this listing
JobSpring