Senior Splunk Engineer
United States
Applications have closed
Coalfire
Coalfire is the cybersecurity advisor that combines extensive cloud expertise, technology, and innovative approaches to help clients develop scalable…

What you'll do:
- Act as an escalation point for 24x7x365 security monitoring across multiple clients, collaborating closely with DevOps and product teams.
- Work with various technology stacks in major cloud providers such as AWS, Azure, and GCP.
- Automate and oversee the analysis of security events using logs and open-source knowledge to identify legitimate incidents and false positives.
- Create and maintain queries, dashboards, custom views, saved searches, and alerts.
- Prepare for, monitor, detect, analyze, contain, remediate, and recover from security incidents.
- Develop and implement automation using Splunk.
- Maintain a record of security monitoring activities using case management and ticketing technologies.
- Develop processes, best practices, and procedures for intrusion detection, file integrity, endpoint protection, log management, and SIEM solutions.
- Establish architecture and standards for security tools, leveraging various data sources and protocols.
- Define standards for environment-specific rules, alerts, and dashboards in Splunk through custom queries.
- Consult with clients to customize and configure Splunk to meet security and compliance requirements.
- Support the incident response process to address security anomalies.
- Utilize technical writing skills to create analytical reports and briefings.
- Develop and maintain standard operating procedures and training materials.
- Participate in on-call rotations to support client operational needs outside of business hours.
- Conduct testing and data reviews to evaluate the effectiveness of current security and operational measures.
- Administer and maintain SIEM, Log Management, and Data Analytical Platforms.
- Perform System Health Checks on managed technologies and provide recommendations for performance improvements.
- Schedule and execute regular technical changes, including version updates, security patches, and major software releases, following best practices for change management.
- Lead the resolution of customer-initiated requests such as Log Source configuration, App installation, Data Parsing, Use Case Development, and troubleshooting complex issues for managed technologies.
- Develop technical solutions for automating repeatable tasks.
- Provide guidance, instruction, and leadership to Security Analysts.
- Responsibilities also include onboarding new data sources, developing alerting mechanisms, creating runbooks, conducting security investigations, responding to incidents, and deploying security solutions in a rapidly growing environment.
What you'll bring:
- Bachelor's degree or higher in a related Information Technology field, or equivalent combination of education and experience.
- 5-7 years of experience in 24x7x365 production security operations.
- 5-7 years of experience administering and operating security tools such as Splunk, IDS, and endpoint protection.
- 4+ years of hands-on technical experience supporting cloud operations and automation in Azure, AWS, and/or GCP.
- Understanding of the cybersecurity environment, including network and host system security issues, compliance, and certification.
- Familiarity with Splunk architectures, data modeling, solutions development, dashboard design, and Splunk Enterprise Security administration.
- Knowledge of common network and host-based attacks, defense architectures, and security tools.
- Experience with ITSM solutions such as Jira and ServiceNow.
- Proven experience configuring, implementing, and supporting Splunk Enterprise components deployed in the Cloud.
- Knowledge of scripting languages such as Python.
- Understanding of regular expressions and query languages.
- Practical experience in Linux infrastructure administration.
- Experience in Information Security with a focus on incident response and security engineering.
- Experience analyzing events or incidents, conducting log and forensic analysis, identifying security vulnerabilities, and determining remediation methods.
- Experience developing playbooks, runbooks, troubleshooting technical issues, and recognizing patterns.
- Experience with AWS and vendor SaaS integrations.
- Experience with automation, security tool building, and deployment.
- Proficiency with infrastructure as code, such as Terraform.
- Excellent communication, organizational, and problem-solving skills in a dynamic environment.
- Effective documentation skills, including technical diagrams and written descriptions.
- Ability to work independently and collaboratively with a professional attitude and demeanor.
- US citizenship (required).
- EC-Council Certified Security Analyst (ECSA) or Certified SOC Analyst (CSA), CompTIA Cybersecurity Analyst (CySA+), GIAC certifications.
- Splunk Certified Enterprise Security Admin certification.
- Splunk Core Certified Advanced Power User certification.
- Previous experience supporting 24x7x365 security operations for a SaaS vendor.
- Experience contributing to security incident handling and investigation, and/or system scenario recreation.
- Experience in malware analysis, threat intelligence, forensics, or penetration testing.
- Familiarity with tools like Kali Linux, Wireshark, Metasploit, IDA Pro, or open-source debuggers.
- Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc.
Tags: Automation AWS Azure Cloud Compliance CompTIA CySA+ DevOps ECSA FedRAMP FISMA Forensics GCP GIAC HIPAA HITRUST IDS Incident response Intrusion detection Jira Kali Linux Malware Metasploit Monitoring Pentesting Python SaaS Scripting SIEM SOC Splunk Terraform Threat intelligence Vulnerabilities
Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Health care Startup environment Team events