Sr. SIEM Engineer, Splunk | Remote, USA

Posted 2024-11-07

💎 Seniority level: Senior, 5+ years professional experience managing and maintaining SIEM systems

📍 Location: Kansas, Georgia, Louisiana, Texas, Tennessee

🔍 Industry: Cybersecurity

🏢 Company: Optiv_Careers

🗣️ Languages: English

⏳ Experience: 5+ years professional experience managing and maintaining SIEM systems

🪄 Skills: Leadership, SQL, Bash, Cybersecurity, ElasticSearch, LDAP, Microsoft Active Directory, *Nix, Jira, Elasticsearch, Communication Skills, Analytical Skills, Collaboration

Requirements:
  • 5+ years professional experience managing and maintaining SIEM systems.
  • 2-3 years professional experience working with networks and network architecture.
  • 1+ year professional experience writing SIEM content specifically for Splunk.
  • Ability to deal confidently with complex technical problems.
  • Expert-level knowledge of Splunk Enterprise Security.
  • Experience with building intricate searches from disparate data sources.
  • Extensive experience using the Enterprise Security Asset & Identity and Threat Intelligence Framework within Splunk.
  • Proficient with managing Unix and Linux operating systems.
  • Strong experience with writing complex regular expressions (Regex) to extract fields from data.
  • Experience with extracting fields, multi-value fields, tags, field aliases, etc.
  • Well-versed in building threat detections using security logs.
  • In-depth knowledge of security logging for Linux, Windows, major EDRs, Firewalls, & Active Directory.
  • Experience with installing and configuring Splunk CORE and Splunk Enterprise Security.
  • Ability to aggregate and analyze logs from various deployed security devices.
  • Experience with configuring and/or working with Splunk Search Head and/or Indexer Clusters.
  • Experience with creating custom applications, dashboards, reports, and alerts.
  • Shift flexibility with on-call support when needed.
  • Experience with internal and client Ticketing and Knowledge Base Systems.

Responsibilities:
  • Help lead the Splunk team by prioritizing client work requests, projects, and service tasks.
  • Work closely with Management, Service Delivery, and Principal Engineers in defining processes and procedures for internal projects.
  • Analyze and identify areas of improvement with existing processes, procedures, and documentation.
  • Assist in team development by defining strategies and responsibilities to be successful and grow.
  • Develop internal training methods to support Managed Services and their clients.
  • Act as a point of escalation for Junior SIEM Engineers, providing guidance and mentorship.
  • Assist with client activation and onboarding.
  • Explain and demonstrate how to use SIEM products to technical and non-technical personnel.
  • Provide remote consulting services via interactive client sessions for multiple product vendors and technologies.
  • Implement and configure SIEM software and appliance-based products in Enterprise and Government environments.
  • Develop, deploy, and tune SIEM content and reporting.
  • Interact professionally with customers and partners as required.
  • Perform knowledge transfers and train clients on security and system configuration.