Securonix is leading the transformation of cybersecurity by helping organizations stay ahead of modern threats.
Security teams are no longer constrained by data or tools. They are constrained by speed, clarity, and confidence. Securonix was built to close that gap. Our mission is to enable security teams to decide and act faster across the entire threat lifecycle.
The Securonix Unified Defense SIEM is the industry’s first platform powered by agentic AI and designed with a human-in-the-loop philosophy. It unifies detection, investigation, and response in a single system. Advanced UEBA delivers deep behavioral insight across users, entities, and data. Native threat intelligence continuously enriches detections and investigations with real-world context. AI reinforces every layer of the platform while keeping accountability with the security team.
Built cloud-native for scale and performance, the platform enables real-time analytics, deep investigation, and automated response without compromise. Analysts gain faster access to relevant signals. Investigations move from days to minutes. Response becomes consistent and measurable. The result is a CyberOps experience that scales as threats evolve.
Securonix is recognized as a six-time Leader in the Gartner Magic Quadrant for SIEM and a Customers’ Choice on Gartner Peer Insights. The company has been featured by leading publications including WIRED, Dark Reading, and Fortune for its innovation and leadership in security operations. Organizations rely on the platform for always-available data, rapid search and investigation, continuously updated threat content, and a fully integrated Threat Detection, Investigation, and Response experience.
Backed by Vista Equity Partners, one of the world’s leading enterprise software investors, Securonix benefits from deep operational expertise and a long-term commitment to innovation and growth. This partnership strengthens our ability to scale the platform, accelerate product execution, and support customers as their security needs evolve.
With more than 1,000 customers worldwide, including a meaningful portion of the Fortune 100, Securonix operates at global scale. Our ecosystem of partners and managed security service providers extends that reach, helping organizations deploy and operate with confidence wherever they do business. What drives us is how we work.
We win as one team. We operate with trust, respect, and shared accountability.
We are customer driven. Innovation is guided by real security challenges and measurable outcomes.
We act with agility. Change is constant, and we stay aligned on purpose while adapting fast.
That focus is how Securonix helps organizations move from reactive security to proactive, autonomous operations.
About the Role:
We are looking for a highly experienced
SIEM / Syslog Expert
with deep hands-on expertise in
syslog-ng
, log ingestion pipelines, and large-scale event processing. This role requires strong understanding of
syslog internals, filtering strategies, performance tuning, and reliability engineering
to build efficient, scalable, and foolproof log ingestion systems.
You will play a key role in designing and optimizing
high-throughput syslog pipelines
handling thousands of events per second, ensuring accuracy, efficiency, and resilience.
Key Responsibilities:
•
Design, implement, and optimize
syslog-ng configurations
for high-volume log ingestion environments.
•
Develop and maintain
complex filtering logic
to ensure accurate routing, normalization, and noise reduction of logs.
•
Analyze
and improve
log pipeline performance (CPU, memory, latency, throughput)
.
•
Build
efficient, scalable, and fault-tolerant syslog architectures
.
•
Troubleshoot issues related to:
o
High CPU/memory usage
o
Message drops / backpressure
o
Ordering and duplication issues
o
Network/TCP/TLS ingestion problems
•
Optimize
buffering, batching, and flow control mechanisms
in syslog-ng.
•
Work closely with SIEM platforms (
e.g.
Securonix
,
Splunk, ELK) to ensure seamless ingestion.
•
Ensure
log integrity, reliability, and completeness
across the pipeline.
•
Implement best practices for:
o
Log parsing (RFC3164, RFC5424)
o
Structured vs unstructured logs
o
Secure syslog (TLS)
•
Perform
capacity planning and load testing
for syslog pipelines.
•
Create
test frameworks
to validate syslog filters and configurations.
•
Document standards, guidelines, and reusable configurations.
Required Skills & Expertise:
Core Skills
•
Deep expertise in
syslog-ng (mandatory)
•
Strong understanding of
syslog protocol internals
o
RFC3164, RFC5424
o
TCP/UDP/TLS
behavior
•
Expertise in designing
syslog filters and routing logic
•
Strong experience with
log parsing, pattern matching, and regex optimization
Performance & Reliability
•
Experience tuning:
o
log-
iw
-size
,
log-
fifo
-size
o
flush_lines
,
so_rcvbuf
o
disk-buffer and memory management
•
Understanding of
backpressure, buffering, and flow control
•
Experience handling
high EPS (10K–100K+) environments
Troubleshooting
•
Ability to debug:
o
Message loss
o
Duplicate events
o
Out-of-order processing
o
High CPU/memory usage
•
Strong Linux debugging skills:
o
tcpdump
,
netstat
,
ss
,
top
,
strace
SIEM & Data Pipelines
•
Experience with one or more:
o
Splunk / ELK /
QRadar
•
Understanding of
log ingestion pipelines (Kafka, Spark, etc.)
•
Knowledge of
data enrichment and normalization
Good to Have:
•
Experience with
Kafka-based ingestion pipelines
•
Knowledge of
distributed systems and streaming architectures
•
Experience with
cloud environments (AWS)
•
Familiarity with
security logs (firewalls, IAM, endpoint, network devices)
What We’re Looking For:
•
Someone who can
look at a syslog-ng config and immediately identify inefficiencies
•
Deep understanding of
how filters impact performance and correctness
•
Ability to design
clean, maintainable, and scalable configurations
•
Strong ownership mindset and problem-solving skills
•
Ability to make systems
efficient, resilient, and foolproof
Key Outcomes Expected:
•
Reduced log ingestion latency and resource usage
•
Optimized filtering with minimal false positives/negatives
•
Stable, scalable syslog pipelines under high load
•
Zero/near-zero log loss
•
Well-documented and maintainable configurations
Securonix, Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training.
Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated.
