Senior SIEM Splunk SME

Summary

Join Abnormal Security as a Sr. SIEM/Detection Engineer and contribute to a leading cybersecurity company by designing, developing, and implementing automated solutions within Splunk to enhance incident response, threat detection, and remediation processes. You will collaborate with cross-functional teams to optimize incident response workflows, develop custom dashboards and visualizations, and ensure the smooth operation of the SIEM infrastructure. This role involves maturing Splunk data models, refining detection lifecycle processes, and improving threat detection capabilities.

Requirements

• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience to meet job requirements and expectations
• 5+ years of experience in the security domain, including both a detailed understanding of attacker techniques and tracking the threat actors behind specific campaigns
• Demonstrated experience with Splunk Enterprise and Mission Control, including the ability to develop complex searches, dashboards, and reports
• Strong scripting skills (e.g., Python, PowerShell) with experience in automating tasks and processes within Splunk Mission Control
• Deep understanding of incident response methodologies and best practices, with the ability to translate these into automated workflows within SIEM and SOAR solutions
• Excellent problem-solving skills with a proactive approach to identifying and resolving technical challenges
• Strong interpersonal skills with the ability to effectively communicate technical concepts to both technical and non-technical stakeholders. Proven ability to collaborate with cross-functional teams

Responsibilities

• Mission Control Automation Development : Design, develop, and implement automated solutions within Splunk Mission Control to streamline incident response, threat detection, and remediation processes
• Custom Dashboard Creation : Build custom dashboards and visualizations within Splunk to provide actionable insights for incident analysis and monitoring. Build capabilities to present analyst performance data to measure detection efficacy and response times
• Incident Response Optimization : Collaborate with cross-functional teams to identify opportunities for improving incident response workflows and develop automated solutions to enhance efficiency
• Continuous Monitoring and Maintenance : Monitor the performance and health of the SIEM infrastructure, troubleshoot issues, and implement necessary optimizations to ensure smooth operation
• Documentation and Training : Document automated workflows, best practices, and standard operating procedures for Cyber Defense analysts. Provide training and support to enable team members to effectively utilize automated solutions
• Detection Lifecycle Processes : Develop and implement detection lifecycle processes, including tuning and refinement of detection rules, to improve the accuracy and efficacy of threat detection capabilities
• Splunk Data Model Maturation : Collaborate with stakeholders to enhance and mature Splunk data models to align with evolving business requirements and improve data analysis capabilities

Preferred Qualifications

• Advanced degree in Computer Science, Engineering, or Cybersecurity
• OSCP, OSCE, or GPEN, GCIH, GCPN, GWAPT certifications
• Splunk certifications such as Splunk Certified Power User or Splunk Certified Admin would be advantageous
• Familiarity with other security tools and technologies such as IDS/IPS, EDR solutions, etc., to integrate with Splunk Mission Control
• Experience working with cloud platforms (e.g., AWS, Azure, GCP) and integrating Splunk Mission Control with cloud-based services
• Understanding of machine learning and artificial intelligence concepts, with the ability to leverage these technologies to enhance automated processes within Splunk
• Knowledge of DevOps practices and tools for automation, continuous integration, and continuous deployment (CI/CD) pipelines