Senior SIEM Splunk SME

closed
Abnormal Security

📍Remote - Poland

Summary

Join Abnormal Security's Security & Privacy team as a Sr. SIEM/Detection Engineer. You will play a vital role in designing, developing, and implementing automated Splunk solutions for enhanced incident response, threat detection, and remediation. Collaborate with cross-functional teams to optimize workflows, create custom dashboards, and ensure smooth SIEM operation. Responsibilities include maturing Splunk data models, refining detection processes, and providing training. This position requires a Bachelor's degree or equivalent experience, 5+ years of security experience, and strong Splunk and scripting skills. The ideal candidate will possess advanced degrees, relevant certifications, and familiarity with various security tools and cloud platforms.

Requirements

  • Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience to meet job requirements and expectations
  • 5+ years of experience in the security domain, including both a detailed understanding of attacker techniques and tracking the threat actors behind specific campaigns
  • Demonstrated experience with Splunk Enterprise and Mission Control, including the ability to develop complex searches, dashboards, and reports
  • Strong scripting skills (e.g., Python, PowerShell) with experience in automating tasks and processes within Splunk Mission Control
  • Deep understanding of incident response methodologies and best practices, with the ability to translate these into automated workflows within SIEM and SOAR solutions
  • Excellent problem-solving skills with a proactive approach to identifying and resolving technical challenges
  • Strong interpersonal skills with the ability to effectively communicate technical concepts to both technical and non-technical stakeholders. Proven ability to collaborate with cross-functional teams

Responsibilities

  • Design, develop, and implement automated solutions within Splunk Mission Control to streamline incident response, threat detection, and remediation processes
  • Build custom dashboards and visualizations within Splunk to provide actionable insights for incident analysis and monitoring. Build capabilities to present analyst performance data to measure detection efficacy and response times
  • Collaborate with cross-functional teams to identify opportunities for improving incident response workflows and develop automated solutions to enhance efficiency
  • Monitor the performance and health of the SIEM infrastructure, troubleshoot issues, and implement necessary optimizations to ensure smooth operation
  • Document automated workflows, best practices, and standard operating procedures for Cyber Defense analysts. Provide training and support to enable team members to effectively utilize automated solutions
  • Develop and implement detection lifecycle processes, including tuning and refinement of detection rules, to improve the accuracy and efficacy of threat detection capabilities
  • Collaborate with stakeholders to enhance and mature Splunk data models to align with evolving business requirements and improve data analysis capabilities

Preferred Qualifications

  • Advanced degree in Computer Science, Engineering, or Cybersecurity
  • Certifications such as OSCP, OSCE, GPEN, GCIH, GCPN, or GWAPT
  • Splunk certifications such as Splunk Certified Power User or Splunk Certified Admin would be advantageous
  • Familiarity with other security tools and technologies such as IDS/IPS, EDR solutions, etc., to integrate with Splunk Mission Control
  • Experience working with cloud platforms (e.g., AWS, Azure, GCP) and integrating Splunk Mission Control with cloud-based services
  • Understanding of machine learning and artificial intelligence concepts, with the ability to leverage these technologies to enhance automated processes within Splunk
  • Knowledge of DevOps practices and tools for automation, continuous integration, and continuous deployment (CI/CD) pipelines