Remote Senior Security Engineer, Splunk Enterprise Security

BlueVoyant

📍 Remote - Worldwide

Job highlights

Summary

Join BlueVoyant's Splunk Deployment Engineering Team as a Sr. Security Engineer to utilize advanced knowledge of Splunk security and lead large SIEM projects, enabling Splunk MDR offerings within customer environments and clouds.

Requirements

  • At least 8 years of technical experience with enabling security technologies
  • Strong experience with Splunk Enterprise and Splunk Cloud management and configuration
  • Advanced experience in Splunk Enterprise Security premium app configuration and management
  • Strong experience in Splunk Search Processing Language (SPL)
  • Knowledge of and familiarity with enterprise IT systems in relation to cyber security and log management
  • Hands-on engineering experience with SIEM and MDR technologies
  • Excellent communication skills to work in a dynamic and fast-paced team environment

Responsibilities

  • Work on Splunk Enterprise and Splunk Cloud project implementations for customers (remotely), starting with design and architecture, deployment and use case tune-up
  • Participate in the development of SIEM customizations to meet the customer requirements for enhancing MDR services
  • Create and develop new detection, automation and reporting use cases per customer requirements
  • Assess and report maturity of client SIEM and MDR deployments
  • Define and assist in the creation of operational and executive security reports and dashboards
  • As needed, assist with multi-SIEM environments that include Splunk, Microsoft Sentinel, and Azure technologies
  • Work on MDR integration activities across the Splunk, Cribl and Microsoft Sentinel product stacks
  • Be a strategic and lead technical delivery resource within a team for large and enterprise client-facing projects
  • Act as a lead on the Deployment Engineering team and provide mentoring for other mid and junior level engineers
  • Participate in ongoing support activities for client facing environments to help mature and maintain our MDR practices
  • Identify and implement improvements around process and technical enablement
  • Contribute to knowledge sharing activities, such as internal documentation, lunch and learns, public facing blogs, etc.

Preferred Qualifications

  • Strong experience in additional query languages and/or script development such as SQL, Bash, PowerShell, SKQL, etc.
  • Experienced and comfortable in customer facing roles
  • Expertise in Cloud technologies such as Azure, AWS, or GCP
  • Expertise in and understanding of incident investigation and response skill sets
  • Proficient in Python, bash scripting, and/or RegEx
  • Proficient with navigating and supporting Linux & Windows hosts; AWS, Azure and GCP hosted infrastructure; AD, Rsyslog/Syslog-ng and other related technologies
This job is filled or no longer available