
Principal SOC Engineer - Security Telemetry & Detection Platforms

Remote, USA Full-time Posted 2025-11-03
You desire impactful work. You’re RGA ready.

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 500 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

Owns the architecture, engineering, and strategic direction of the security monitoring infrastructure supporting global SOC operations. Drives innovation and scalability across core platforms such as Splunk Cloud, Cribl Cloud, and CrowdStrike Falcon to enable high-fidelity detection, efficient telemetry pipelines, and rapid incident response. Operates at a highly dedicated and specialized engineering level, influencing enterprise-wide security telemetry strategy, mentoring senior engineers, and ensuring alignment with threat detection and response objectives.

Principal Duties

• Architect and lead the engineering strategy for SOC platforms, including Splunk Cloud (SIEM), Cribl Cloud (observability pipelines), and CrowdStrike Falcon (EDR/XDR), ensuring scalability, resilience, and operational efficiency.
• Influence design and enforce telemetry standards across cloud, endpoint, and network environments, ensuring comprehensive visibility and alignment with threat detection frameworks (e.g., MITRE ATT&CK).
• Engineer and optimize Cribl pipelines for secure, cost-effective, and high-performance log routing, transformation, and enrichment across multiple destinations.
• Engineer and maintain Splunk Cloud detection content with a focus on platform performance, automation, and cost efficiency to optimize correlation searches, alerting logic, and data models, reducing resource consumption, improving signal quality, and streamlining operational workflows.
• Implement and govern role-based access controls (RBAC), user provisioning, and least privilege models across SOC tooling to ensure secure and auditable operations.
• Lead integration efforts between SOC platforms and broader enterprise systems (e.g., SOAR, cloud-native logging, threat intelligence feeds), driving automation and interoperability.
• Advise security leadership, security architects, and infrastructure teams on telemetry strategy, detection engineering, and platform capabilities.
• Participate in high-severity incident response efforts, providing deep technical expertise in log analysis, root cause investigation, and tooling support.
• Evaluate emerging technologies and lead proof-of-concept initiatives to enhance SOC capabilities and reduce operational friction.
• Establish and refine engineering processes, including CI/CD for detection content, observability pipeline governance, and platform health monitoring.
• Mentor senior engineers and technical leads, fostering a culture of excellence, innovation, and continuous improvement.

Education

• Bachelor’s Degree in Arts/Sciences (BA/BS) or equivalent experience - Required

Required Experience, Skills And Abilities

• 10+ years IT architecture, production support, or related systems experience
• 12+ years relevant IT experience
• Expert-level experience with Splunk Cloud, including SPL optimization, CIM compliance, risk-based alerting, and Enterprise Security (ES) content development.
• Advanced proficiency in Cribl Cloud, including pipeline design, Packs, Routes, and integrations with cloud-native, application, and on-premise infrastructure log sources (e.g., AWS, Azure, GCP).
• Deep technical knowledge of CrowdStrike Falcon, including user provisioning, policy management, detection tuning, API integrations, and threat hunting workflows.
• Strong understanding of detection engineering, threat modeling, and adversary behavior frameworks (e.g., MITRE ATT&CK, D3FEND).
• Proficiency in scripting and automation (Python, PowerShell) and experience with SOAR platforms (e.g., TINES) and infrastructure-as-code (e.g., Terraform).
• Experience supporting or architecting solutions for 24/7 SOC environments, including global telemetry ingestion and multi-region deployments.
• Advanced project management skills. Demonstrates an ability to evaluate project objectives and scope for feasibility, understanding, scheduling, and managing projects to budget and plan.
• Advanced ability to translate business needs and problems into systems’ design and technical solutions.
• Advanced interpersonal skills, demonstrating an ability to lead and mentor support staff.
• Complex analytical and problem-solving skills.
• Advanced oral and written communication skills.
• Ability to work well within and manage a team environment.
• Ability to multi-task.

What you can expect from RGA

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.
• Join the bright and creative minds of RGA, and experience vast, endless career potential.

Compensation Range

$146,950.00 - $218,950.00 Annual

Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles, and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits.

RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.
