Senior Splunk Engineer Enterprise Security Team Lead (Remote)

Salary: $160,000 per Year
Job Type: Full time
Experience: Senior Level

ACI Solutions

Senior Splunk Engineer Enterprise Security Team Lead | ACI Solutions | Worldwide

Position Overview

The Engineer shall support the maintenance and enhancement of the Splunk Enterprise Security environment. The Engineer is expected to onboard data sources and normalize the data so it integrates with existing search processes. The Engineer is expected to review Splunk Security dashboards, identify potential areas for improvement, and address the identified deficiencies.

Primary Duties and Responsibilities

  • Configure and maintain the Splunk Enterprise Security environment.
  • Develop and customize dashboards, reports, and alerts to meet specific security requirements.
  • Onboard data sources and normalize data to Common Information Model (CIM) compliance.
  • Create and modify correlation rules, tuning for false positives.
  • Document Enterprise Security configurations and processes for knowledge transfer.
  • Other responsibilities include data analysis and issue identification, change management, and execution of knowledge transfer.
  • Assist with the ingestion, normalization, and analysis of data.
  • Work with the OCC to turn volumes of raw data (e.g., log files) into actionable insights.
  • Leverage the risk-based alerting (RBA) in Splunk ES to create a correlation search framework to collect risk events.
  • Help discern high-priority threats from low-priority threats including those stemming from AI-driven threat campaigns.
  • Help streamline threat and attack investigations.
  • Customize alerts for varying levels of granularity based on conditions such as data thresholds, trend-based conditions, and behavioral pattern recognition.
  • Leverage and integrate the ITSI, UBA, and SOAR utilities to take advantage of the collective monitoring potential.

Required Skills and Experience

  • Experience with the Splunk utility. Must be able to perform standard and custom configurations of the utility.
  • Experience creating, generating, and modifying default and custom dashboards and reports.
  • Experience with the command-line interface. Experience creating and modifying alerts based on correlation rules and established indicators. Experience ingesting new data sources.
  • Experience analyzing Splunk data and interpreting that data for issue identification and improvement or rectification recommendations.
  • Experience identifying and interpreting anomalous data and providing recommended actions.
  • Experience synthesizing large volumes of data into actionable recommendations.

Preferred Qualifications

  • Be a Splunk Enterprise Security Certified Admin
  • Be a Splunk Core Certified Power User
  • Be a Splunk Enterprise Certified Admin
  • Have experience using the Splunk playbook editor.

Years of Relevant Experience:

  • 8+ years of Splunk experience

Work Environment

  • Remote, based in the US.