Staff SOC Engineer – Security Telemetry & Detection Platforms

You desire impactful work.

You’reRGA ready

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

The Staff SOC Engineer – Security Telemetry & Detection Platforms is a hands on security engineering role responsible for building, operating, and continuously improving enterprise security telemetry and detection platforms. This role ensures high quality visibility and detection are embedded throughout operations and delivery lifecycles—applying secure by design principles to data collection, transformation, storage, and alerting across hybrid, cloud native, and on premises environments. The Staff SOC Engineer proactively anticipates telemetry gaps, translates detection requirements into actionable engineering work, and operationalizes controls that are scalable, resilient, and measurable. Through close collaboration with security operations, architecture, infrastructure, and product teams, this role advances SOC maturity and enables adaptive defenses that support business growth and regulatory compliance.

Principle Duties

• Administer and engineer improvements to enterprise security telemetry and detection platforms—including Splunk Cloud, Cribl Cloud, CrowdStrike Falcon, and Tines—ensuring reliability, performance, and cost efficiency.

• Implement secure by default telemetry patterns and logging standards across operating systems, cloud, and network data sources.

• Design, build, and maintain Cribl Cloud pipelines (Routes, Pipelines, Packs) for secure, cost managed, and high throughput log routing, enrichment, filtering, and transformation into Splunk Cloud and other destinations.

• Engineer Splunk Cloud content (SPL searches, correlation rules, alerts, dashboards, data models, CIM mapping, RBA where applicable) with an emphasis on signal quality, performance, and SLO/KPI driven cost control.

• Define and maintain role-based access controls (RBAC), least privilege models, and user provisioning across telemetry and detection platforms to enable auditable operations.

• Contribute to integration and automation across SOC tooling and enterprise systems (e.g., Tines, cloud native logging in AWS/Azure/GCP, threat intel feeds, ticketing/ITSM) to streamline detection, enrichment, and response workflows.

• Author and maintain explicit documentation—including system design documents, reference implementations, runbooks, and technical decision records capturing rationale, architecture, and operational procedures.

• Apply tacit understanding of SIEM/EDR behavior, data schemas, and pipeline constraints to troubleshoot complex issues, reduce noise, and close visibility gaps.

• Participate in incident response by developing targeted searches, conducting log analysis, identifying root causes, and providing platform/tooling expertise during high severity events.

• Implement and continuously improve control validation (data quality checks, parsing/field extraction tests, content regression tests) and observability (health monitors, capacity, latency, backlog, and error metrics).

• Evaluate emerging telemetry sources, detection approaches, and vendor capabilities; build proofs of concept to assess fit, security posture, and operational impact.

• Support identity, access, and privilege strategies within SOC platforms (API tokens, service accounts, secrets management, SSO/SAML/OIDC) aligned to enterprise guardrails.

• Collaborate in post incident reviews and resilience improvements, translating findings into backlog items for pipeline hardening, new log sources, or content tuning.

• Contribute to responsible logging and monitoring for AI enabled applications and platforms (e.g., model/service telemetry, prompt/audit logs), integrating risks and controls into detection strategy.

• Serve as the security telemetry and detection engineering representative for Global Security Office in technical forums, ensuring platform considerations are aligned with enterprise strategies and governance.

• Perform other duties as assigned.

Education

• Bachelor’s degree in arts/sciences (BA/BS) or equivalent experience – Required

• Relevant platform certifications (e.g., Splunk Core/Cloud, Cribl Certified Observability Engineer, CrowdStrike CCFA/CCFR) – Preferred

• Security certifications (e.g., CISSP, GSEC, GCDA, Cloud+) – Preferred

Work Experience, Skills, and Abilities

• 6+ years of progressive experience in security/infrastructure engineering or SOC engineering focused on SIEM/EDR, telemetry pipelines, and detection content – Required

• Demonstrated success deploying and operating Splunk Cloud, Cribl Cloud, and CrowdStrike Falcon at enterprise scale, including RBAC, API integrations, and platform hygiene – Required

• Hands‑on experience engineering data ingestion pipelines and normalizing logs from operating systems, AWS, Azure, and network sources – Required

• Strong technical background and tacit understanding of detection engineering, OCSF modeling, SPL optimization, CIM mapping, and content tuning to reduce ingest volume and improve signal to noise – Required

• Proven ability to collaborate across security operations, architecture, infrastructure, and product teams; strong stakeholder communication and documentation skills – Required

• Ability to map and document complex systems and processes, including data lineage and schema/field mappings – Required

• Familiarity with NIST frameworks, MITRE ATT&CK, and secure by design practices; experience with control validation and metrics/KPIs for continuous improvement – Required

• Experience supporting 24/7 SOC operations, including on call participation and multi region ingestion scenarios – Required

• Advanced analytical and problem-solving skills; competency with analysis and diagramming tools (e.g., Lucidcharts, Visio, Excel) – Required

• Experience integrating security telemetry into CI/CD pipelines and applying version control, testing, and staged releases for detections and pipeline changes – Preferred

• Proficiency in automation and scripting (e.g., Python, PowerShell) and experience with SOAR (e.g., Tines) and infrastructure as code (e.g., Terraform) – Preferred

What you can expect from RGA:

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.

• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.

• Join the bright and creative minds of RGA, and experience vast, endless career potential.

We’re excited to get to know you and connect your unique skills with our global opportunities. To create a modern and seamless experience, we use artificial intelligence (AI) in parts of our preliminary screening process. This technology helps us personalize job recommendations, automate interview scheduling, evaluate candidates based solely on experience—without considering name, gender, or other personal details—and provide real-time answers through our chatbot. AI is used only during early screening and never makes hiring decisions. Your RGA recruiter will work closely with you every step of the way to ensure the process feels personal, thoughtful, and focused on you.

Compensation Range: