Senior Splunk Engineer Uba Soar (Remote)

Salary: $140,000 per Year
Job Type: Full time
Experience: Senior Level

ACI Solutions

Senior Splunk Engineer Uba Soar | ACI Solutions | Worldwide

Position Overview

The Engineer will integrate Splunk SOAR with Splunk Enterprise/Cloud to facilitate data sharing and enhance security operations through automation. They will develop and implement Splunk SOAR playbooks to streamline actions, augmenting existing security tools and protocols to improve detection, responsiveness, and remediation.

Using Splunk UBA's machine learning, the Engineer will identify hidden threats and anomalies across users, devices, and applications, applying data science techniques to provide actionable insights with risk ratings and evidence. They will monitor and evaluate OCC security systems, addressing current risks, proactively mitigating future threats, and conducting vulnerability assessments. The Engineer will prepare detailed reports on cybersecurity threats and potential responses, offering recommendations for system improvements to support informed decision-making.

Primary Duties and Responsibilities

  • Use out-of-the-box and tailored machine learning (ML) algorithms to detect insider threats.
  • Provide context around the threat via ML-driven anomaly correlation and visual mapping of stitched anomalies over various phases of an attack's lifecycle.
  • Increase security operation efficiency with rank-ordered threats and supporting evidence.
  • Support bi-directional integration with Splunk Enterprise for data ingestion and correlation, and with Splunk Enterprise Security for incident scoping, workflow management and automated response.
  • The Engineer will utilize the pre-built dashboards and search engine to: use SPL commands to refine data searches; ingest and review data; monitor activities within the environment, including viewing containers and artifacts using dashboards; pull audit logs from instances; and issue REST API commands to environments.

Required Skills and Experience

  • Experience with the Splunk utility. Must be able to perform standard and custom configurations of the utility.
  • Experience creating, generating, and modifying default and custom dashboards and reports.
  • Experience with Command Line Interface.
  • Experience creating and modifying alerts based on correlation rules and established indicators.
  • Experience ingesting new data sources.
  • Experience analyzing Splunk data and interpreting that data for issue identification and improvement or rectification recommendations.
  • Experience identifying and interpreting anomalous data and providing recommended actions.
  • Experience synthesizing large volumes of data into actionable recommendations.

Preferred Qualifications

  • Be a Splunk Core Certified Power User
  • Be a Splunk Enterprise Certified Admin
  • Have experience using the Splunk playbook editor.

Years of Relevant Experience

  • 5+ years of Splunk level experience

Work Environment

  • Fast-paced, remote-based in the US.