Senior Splunk Engineer

United States


Coalfire


About Coalfire
 
Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.  
But that’s not who we are – that’s just what we do. 
 
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.   
 
And we’re growing fast. 
 
We’re looking for a Senior Security Operations Engineer to support our Managed Services team.
 
This can be a remote position (must be located in the United States).

Position Summary
 
As a Security Operations Engineer at Coalfire within our Managed Services group, you will be a self-starter, passionate about cloud security, and thrive on problem solving. You will work within major public clouds and best-of-breed tools, utilizing your technical abilities to monitor security for the most cutting-edge offerings from Cloud Service Providers (CSPs). This role directly supports leading cloud software companies to provide security of their SaaS product to the largest enterprises and government agencies around the world.

What you'll do:

  • Act as an escalation point for 24x7x365 security monitoring across multiple clients, collaborating closely with DevOps and product teams.
  • Work with various technology stacks in major cloud providers such as AWS, Azure, and GCP.
  • Automate and oversee the analysis of security events using logs and open-source knowledge to identify legitimate incidents and false positives.
  • Create and maintain queries, dashboards, custom views, saved searches, and alerts.
  • Prepare for, monitor, detect, analyze, contain, remediate, and recover from security incidents.
  • Develop and implement automation using Splunk.
  • Maintain a record of security monitoring activities using case management and ticketing technologies.
  • Develop processes, best practices, and procedures for intrusion detection, file integrity, endpoint protection, log management, and SIEM solutions.
  • Establish architecture and standards for security tools, leveraging various data sources and protocols.
  • Define standards for environment-specific rules, alerts, and dashboards in Splunk through custom queries.
  • Consult with clients to customize and configure Splunk to meet security and compliance requirements.
  • Support the incident response process to address security anomalies.
  • Utilize technical writing skills to create analytical reports and briefings.
  • Develop and maintain standard operating procedures and training materials.
  • Participate in on-call rotations to support client operational needs outside of business hours.
  • Conduct testing and data reviews to evaluate the effectiveness of current security and operational measures.
  • Administer and maintain SIEM, Log Management, and Data Analytical Platforms.
  • Perform System Health Checks on managed technologies and provide recommendations for performance improvements.
  • Schedule and execute regular technical changes, including version updates, security patches, and major software releases, following best practices for change management.
  • Lead the resolution of customer-initiated requests such as Log Source configuration, App installation, Data Parsing, Use Case Development, and troubleshooting complex issues for managed technologies.
  • Develop technical solutions for automating repeatable tasks.
  • Provide guidance, instruction, and leadership to Security Analysts.
  • Responsibilities also include onboarding new data sources, developing alerting mechanisms, creating run books, conducting security investigations, responding to incidents, and deploying security solutions in a rapidly growing environment.

What you'll bring:

  • Bachelor's degree or higher in a related Information Technology field, or equivalent combination of education and experience.
  • 5-7 years of experience in 24x7x365 production security operations.
  • 5-7 years of experience administering and operating security tools such as Splunk, IDS, and endpoint protection.
  • 4+ years of hands-on technical experience supporting cloud operations and automation in Azure, AWS, and/or GCP.
  • Understanding of the cybersecurity environment, including network and host system security issues, compliance, and certification.
  • Familiarity with Splunk architectures, data modeling, solutions development, dashboard design, and Splunk Enterprise Security administration.
  • Knowledge of common network and host-based attacks, defense architectures, and security tools.
  • Experience with ITSM solutions such as Jira and ServiceNow.
  • Proven experience configuring, implementing, and supporting Splunk Enterprise components deployed in the Cloud.
  • Knowledge of scripting languages such as Python.
  • Understanding of regular expressions and query languages.
  • Practical experience in Linux infrastructure administration.
  • Experience in Information Security with a focus on incident response and security engineering.
  • Experience analyzing events or incidents, conducting log and forensic analysis, identifying security vulnerabilities, and determining remediation methods.
  • Experience developing playbooks, runbooks, troubleshooting technical issues, and recognizing patterns.
  • Experience with AWS and vendor SaaS integrations.
  • Experience with automation, security tool building, and deployment.
  • Proficiency with infrastructure as code, such as Terraform.
  • Excellent communication, organizational, and problem-solving skills in a dynamic environment.
  • Effective documentation skills, including technical diagrams and written descriptions.
  • Ability to work independently and collaboratively with a professional attitude and demeanor.
  • US citizenship (required).

  • EC-Council Certified Security Analyst (ECSA) or Certified SOC Analyst (CSA), CompTIA Cybersecurity Analyst (CySA+), GIAC certifications.
  • Splunk Certified Enterprise Security Admin certification.
  • Splunk Core Certified Advanced Power User certification.
  • Previous experience supporting 24x7x365 security operations for a SaaS vendor.
  • Experience contributing to security incident handling and investigation, and/or system scenario recreation.
  • Experience in malware analysis, threat intelligence, forensics, or penetration testing.
  • Familiarity with tools like Kali Linux, Wireshark, Metasploit, IDA Pro, or open-source debuggers.
  • Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc.

Why You'll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. 

Regardless of location, you’ll experience a company that prioritizes connection and well-being, and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like flexible time off, certification and training reimbursement, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity are integral to the way we do business. A reasonable estimate of the compensation range for this role is $78,000 to $135,000 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications, and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.
