Splunk Detection Engineer - 100% Remote!

Vienna, VA

Job Description: 

XOR Security is currently seeking a talented Splunk Detection Engineer to support a Cyber Security Operation Center’s advanced threat detection team for a commercial financial customer in Vienna, VA.  

Role: (100% REMOTE)

In this role, you will be responsible for developing security content that supports 24x7 monitoring operations and response to cybersecurity threats. You will have a deep understanding of Information Security principles and disciplines, coupled with expert-level knowledge of Splunk Processing Language (SPL), excellent development skills, and a continuous desire to learn and grow. We are a passionate team that has fun and enjoys a good laugh, but above all else thinks security first.

Responsibilities:

  • You will use your deep Splunk expertise to build correlation searches from scratch to detect cybersecurity threats
  • Draw from your industry expertise in understanding how an attacker would behave and translate it to custom security detection content
  • Engage with other teams to ensure detections are working as intended
  • Identify and prioritize new data sources and their applicability to the detection of advanced adversaries
  • Lead efforts to ensure data sources are compliant with Splunk’s Common Information Model (CIM)
  • Modify the logic of existing detections to reduce false-positive rates and align them more consistently with their intent
  • Drive complex initiatives with key business partners to continuously improve visibility
  • Ensure that security-relevant data is flowing to appropriate Splunk Data Models
  • Map security content to MITRE ATT&CK Framework
  • Understand & manage development backlog to ensure a steady stream of activities
  • Conduct sprint reviews and celebrate successes for all items in the workstream
  • Collaborate across teams for training, development opportunities, and service improvement
  • Provide mentorship for willing and able candidates looking to dive into security content development
  • Capture development metrics in direct support of executive-level briefings (daily, weekly, monthly)
  • Ensure that all documents, workflows and processes remain accurate and up-to-date

Requirements:

  • You have 5-7 years of experience as a SOC Analyst, Security Content Developer and/or Security Engineer
  • Certifications: Splunk Enterprise Security Certified Admin, Splunk Enterprise Certified Admin
  • Desired other certs: CISSP, GCIA, GCIH, GREM, GXPN, GNFA or other SANS certification
  • Advanced Splunk Enterprise Security experience
  • Deep understanding of Splunk Data Models
  • Ability to build and interpret Splunk Processing Language (SPL) fluidly
  • Ability to understand systems quickly and translate that understanding into logic that detects anomalies within the system
  • You can lead people to think critically by guiding them without doing the work for them
  • You have a passion for learning and a desire to enable the growth of others
  • You possess a demonstrated ability to speak with people of varying knowledge of IT Security concepts and to tailor your message to the audience
  • You have a deep understanding of Incident Response frameworks and root cause analysis
  • Capability to look at a process to identify opportunities for cycle-time reduction
  • Advanced working knowledge of Cloud technologies
  • Ability to multitask, prioritize and take charge
  • Ability and desire to think outside of the box for creative solutions to problems with the moxie to follow-through
  • Excellent interpersonal skills and ability to see things through the customer’s eyes
  • Tremendous attention to detail
  • Eligible to work in the United States without company sponsorship
  • Bachelor’s degree in computer science, information security or a related discipline, or equivalent work experience, is required

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement - Applicants selected must meet background investigation eligibility requirements - US CITIZENSHIP required.


Tags: CISSP Clearance Cloud Computer Science GCIA GCIH GNFA GREM GXPN Incident response MITRE ATT&CK Monitoring SANS Splunk Threat detection

Perks/benefits: 401(k) matching Career development Health care Team events

Region: North America
Country: United States