About Cognizant Corporate

Cognizant Corporate is a global community united by a shared purpose: to make a meaningful impact. We are committed to excellence and driven by outcomes that matter. Collaboration is at the heart of how we work, and our forward-thinking mindset fuels continuous learning, innovation, and growth.

At Cognizant, careers transcend titles. We empower our people to think strategically, inspire others, and lead with purpose – always guided by our core values. Join us in shaping future of business.

About the role

As a SOD Associate, you will drive impactful contributions and focus on outcomes. You will be a key member of the Cyber Security team, collaborating with Arulanandakumar N. As a member of Corporate Security (CS) Global Cyber Operations (GCO) team Log Onboarding Engineer is responsible for the integration routing transformation and optimization of log data using Cribl Stream and Cribl Edge platforms. The engineer builds and maintains pipelines implements data shaping logic ensures metadata normalization and supports compliance-driven retention or masking policies. As a team of self-starters, you can work with impact with our vibrant people and culture all while enjoying unmatched learning opportunities.

In this role, you will:

- Design and implement Cribl pipelines for routing filtering enriching and transforming logs from diverse log sources.

- Onboard new log sources from infrastructure cloud applications and security tooling (e.g. firewalls proxies EDR cloud APIs).

- Create source-specific configurations and route logs to designated destinations like Splunk Elastic S3 Kafka or data lakes.

- Develop parsing metadata tagging masking and enrichment logic to normalize log events across formats and vendors.

- Manage Cribl Worker Groups Edge Nodes and Stream routes for scalable ingestion performance.

- Implement logic to drop noisy events reduce duplication and optimize license usage in downstream SIEM platforms.

- Troubleshoot ingestion issues pipeline errors source latency and message drops with Cribl diagnostics.

- Coordinate onboarding activities with detection engineers platform engineers and asset owners.

- Build dashboards or logging metrics to monitor onboarding status coverage completeness and success/failure rates.

- Maintain up-to-date documentation of data flows onboarding configurations and source dictionaries.

- Support audits compliance requests and secure handling policies by applying redaction masking or suppression logic where needed

- Embrace our vibrant culture by striving for excellence, focusing on meaningful outcomes, and collaborating effectively. Take ownership, build relationships, and focus on personal growth to drive business strategy and foster an inclusive culture, creating unmatched career opportunities and impactful work.

What you must have to be considered

• 4+ years in cybersecurity, with 2+ years in security operations or detection engineering.

  
  

• Strong understanding of SIEM platforms and detection engineering.

  
  

• Familiarity with MITRE ATT&CK, D3FEND, Cyber Kill Chain, and threat modeling.

  
  

• Scripting (Python), query languages (SPL, KQL), and automation tools.

  
  

• Certifications like GCIA, GCTI, GDSA, CISSP, CEH, Security+, or MITRE ATT&CK Defender.

  
  

· Hands-on experience with Cortex XSIAM for detection content development and incident lifecycle management.

• A strong sense of ownership, desire to create meaningful outcomes, and passion for work that serves a greater good for customers, communities, or global challenges.
• The embodiment of Cognizant’s Values of: Work as One, Dare to Innovate, Raise the Bar, Do The right Thing, & Own It

These will help you succeed

• Experience in globally distributed teams.

  
  

• Strong analytical and problem-solving skills.

  
  

• Ability to develop hypotheses and analyze subtle anomalies.

  
  

• Effective communication and reporting skills.

  
  

• Familiarity with cyber risk frameworks and flexibility for cross-timezone collaboration.

  
  

• Experience in integrating Cortex XSIAM with threat intelligence and SOC workflows.

  
  

The working arrangements for this role are accurate as of the date of posting. This may change based on the project you’re engaged in, as well as business and client requirements. Rest assured; we will always be clear about role expectations.

We're excited to meet people who share our mission and can make an impact in a variety of ways. Don't hesitate to apply, even if you only meet the minimum requirements listed. Think about your transferable experiences and unique skills that make you stand out as someone who can bring new and exciting things to this role.

The Cognizant community:
We are a high caliber team who appreciate and support one another. Our people uphold an energetic, collaborative and inclusive workplace where everyone can thrive.

• Cognizant is a global community with more than 300,000 associates around the world.
• We don’t just dream of a better way – we make it happen.
• We take care of our people, clients, company, communities and climate by doing what’s right.
• We foster an innovative environment where you can build the career path that’s right for you.

About us:
Cognizant is one of the world's leading professional services companies, transforming clients' business, operating, and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build, and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant (a member of the NASDAQ-100 and one of Forbes World’s Best Employers 2025) is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com

Cognizant is an equal opportunity employer. Your application and candidacy will not be considered based on race, color, sex, religion, creed, sexual orientation, gender identity, national origin, disability, genetic information, pregnancy, veteran status or any other characteristic protected by federal, state or local laws.

Disclaimer: 
Compensation information is accurate as of the date of this posting. Cognizant reserves the right to modify this information at any time, subject to applicable law.

Applicants may be required to attend interviews in person or by video conference. In addition, candidates may be required to present their current state or government issued ID during each interview.