Cribl Data Analytics Engineer in City of London

Location: London (Hybrid 4 Days per Week Onsite)

Contract Length: 12 Months

Engagement: Inside IR35

Start Date: ASAP

Overview

We are supporting a leading financial services organisation in London seeking an experienced Cribl Data Analytics Engineer to join a large-scale Cyber Security and Observability programme. The successful candidate will be responsible for designing, implementing, and optimising data pipelines using Cribl technologies, ensuring the efficient collection, transformation, routing, and analysis of security and operational telemetry data across enterprise environments. This role will work closely with Cyber Security, SOC, Infrastructure, Cloud, Data Engineering, and Application teams to improve data visibility, reduce SIEM costs, and enhance security monitoring capabilities.

Key Responsibilities

• Design, deploy, and manage Cribl data pipelines across enterprise environments.
• Configure and support Cribl Stream, including data collection, transformation, filtering, enrichment, masking, and routing.
• Optimise telemetry ingestion into SIEM and observability platforms.
• Implement data reduction strategies to improve platform efficiency and reduce licensing costs.
• Develop and maintain data parsing, normalisation, and enrichment processes.
• Support integration with security and monitoring platforms such as Splunk, Microsoft Sentinel, Elastic, and Datadog.
• Troubleshoot data ingestion, routing, and pipeline performance issues.
• Work with Security Operations teams to ensure required log sources are onboarded and monitored.
• Support cloud and hybrid environments including Azure, AWS, and on-premises infrastructure.
• Create dashboards, reports, and analytics to support operational and security use cases.
• Document solutions, operational procedures, and technical designs.
• Participate in change management, testing, and production deployments.
• Provide technical guidance and knowledge transfer to operational teams.

Requirements

Required Skills & Experience

• Cribl Expertise
• Strong hands-on experience with:
• Cribl Stream
• Cribl Search
• Cribl Edge
• Cribl Lake (desirable)
• Experience building and managing large-scale data pipelines.
• Strong understanding of data routing, filtering, enrichment, and transformation.

• Security & Observability
• Experience working with:
• Splunk
• Microsoft Sentinel
• Elastic Stack
• Datadog
• Security Information and Event Management (SIEM) platforms
• Understanding of SOC operations and security monitoring requirements.
• Experience onboarding security log sources.

• Data & Analytics
• Strong log analysis and troubleshooting skills.
• Experience with structured and unstructured data.
• Knowledge of JSON, Syslog, REST APIs, and common log formats.
• Experience developing dashboards and reporting solutions.

• Cloud & Infrastructure
• Azure and/or AWS experience.
• Understanding of Windows and Linux environments.
• Networking fundamentals including TCP/IP, DNS, SSL/TLS, and load balancing.

• Automation & Scripting
• Python
• PowerShell
• Bash/Shell scripting
• API integration and automation

Desirable Experience

• Financial Services or Investment Banking experience.
• Large-scale observability or cyber transformation programmes.
• Experience with OpenTelemetry.
• Experience with Infrastructure as Code (Terraform).
• Experience with Kubernetes and containerised environments.
• Exposure to DevOps and CI/CD pipelines.

Personal Attributes

• Strong analytical and problem-solving skills.
• Excellent stakeholder management and communication skills.
• Ability to work independently within complex enterprise environments.
• Strong documentation and reporting skills.
• Collaborative approach with cross-functional technical teams.

Key Deliverables

• Successful onboarding of security and operational data sources.
• Optimised Cribl pipelines reducing unnecessary data ingestion.
• Improved visibility and monitoring across security platforms.
• Accurate and reliable data routing to multiple destinations.
• Documentation and operational handover to support teams.