Splunk Detection Engineer - 100% Remote!
Vienna, VA
Applications have closed
Job Description:
XOR Security is currently seeking a talented Splunk Detection Engineer to support a Cyber Security Operations Center’s advanced threat detection team for a commercial financial customer in Vienna, VA.
Role: (100% REMOTE)
In this role, you will be responsible for developing the security content that supports 24x7 monitoring operations and response to cybersecurity threats. You will have a deep understanding of information security principles and disciplines, coupled with expert-level knowledge of Splunk’s Search Processing Language (SPL), excellent development skills, and a continuous desire to learn and grow. We are a passionate team that has fun and enjoys a good laugh, but above all else thinks security first.
Responsibilities:
- Use your deep Splunk expertise to build correlation searches from scratch that detect cybersecurity threats
- Draw on your industry expertise of how an attacker behaves and translate it into custom security detection content
- Engage with other teams to ensure detections are working as intended
- Identify and prioritize new data sources and their applicability to the detection of advanced adversaries
- Lead efforts to ensure data sources are compliant with Splunk’s Common Information Model (CIM)
- Modify the logic of existing detections to reduce false-positive rates and align them more consistently with their intent
- Drive complex initiatives with key business partners to continuously improve visibility
- Ensure that security-relevant data is flowing to appropriate Splunk Data Models
- Map security content to MITRE ATT&CK Framework
- Understand & manage development backlog to ensure a steady stream of activities
- Conduct sprint reviews and celebration of successes for all items in the workstream.
- Collaborate across teams for training, development opportunities, and service improvement
- Provide mentorship for willing and able candidates looking to dive into security content development
- Capture development metrics in direct support of executive-level briefings (daily, weekly, monthly)
- Ensure that all documents, workflows and processes remain accurate and up-to-date
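As an added illustration of the kind of correlation search these responsibilities describe (this is not text from the posting or code from XOR Security), the following SPL search reads failed logons from the CIM Authentication data model, aggregates them per user and source in 10-minute windows, suppresses sources listed in an assumed allowlist lookup to cut false positives, and tags each result with its MITRE ATT&CK mapping. The lookup name `authorized_scanners`, its `src` field, and the threshold of 20 failures are assumptions chosen for the example.

```spl
| tstats summariesonly=true count AS failed_count
    FROM datamodel=Authentication.Authentication
    WHERE Authentication.action="failure"
    BY _time span=10m Authentication.user Authentication.src
| rename Authentication.* AS *
| where failed_count >= 20
| lookup authorized_scanners src OUTPUT src AS allowlisted_src
| where isnull(allowlisted_src)
| eval mitre_tactic="Credential Access",
       mitre_technique="T1110 Brute Force",
       detection_name="Excessive authentication failures by user and source"
| table _time user src failed_count mitre_tactic mitre_technique detection_name
```

`summariesonly=true` restricts the search to accelerated data-model summaries, which is what makes a scheduled correlation search cheap enough to run every few minutes; it also means the detection only sees hosts whose logs have been mapped to the Authentication data model, which is why CIM compliance of the data sources matters. The lookup step is the usual first tuning lever: known vulnerability scanners and monitoring probes generate high failure counts that would otherwise dominate the results.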
Requirements:
- You have 5-7 years of experience as a SOC Analyst, Security Content Developer and/or Security Engineer
- Certifications: Splunk Enterprise Security Certified Admin, Splunk Enterprise Certified Admin
- Desired other certs: CISSP, GCIA, GCIH, GREM, GXPN, GNFA or other SANS certification
- Advanced Splunk Enterprise Security experience
- Deep understanding of Splunk Data Models
- Ability to build and interpret Search Processing Language (SPL) fluidly
- Ability to understand systems quickly and translate that understanding into logic that detects anomalies within the system
- You can lead people to think critically by guiding them without doing the work for them
- You have a passion for learning and a desire to enable the growth of others
- You possess a demonstrated ability to speak with people of varying knowledge of IT security concepts, and to tailor your message to the audience
- You have a deep understanding of incident response frameworks and root cause analysis
- Capability to look at a process to identify opportunities for cycle-time reduction
- Advanced working knowledge of Cloud technologies
- Ability to multitask, prioritize and take charge
- Ability and desire to think outside of the box for creative solutions to problems, with the moxie to follow through
- Excellent interpersonal skills and ability to see things through the customer’s eyes
- Tremendous attention to detail
- Eligible to work in the United States without company sponsorship
- Bachelor’s degree in computer science, information security or a related discipline, or equivalent work experience, is required
Closing Statement:
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement - Applicants selected must meet background investigation eligibility requirements - US CITIZENSHIP required.
Tags: CISSP Clearance Cloud Computer Science GCIA GCIH GNFA GREM GXPN Incident response MITRE ATT&CK Monitoring SANS Splunk Threat detection
Perks/benefits: 401(k) matching Career development Health care Team events