Position Summary: As Security Engineer, you'll join the Cybersecurity Operations team, where you'll serve as the frontline detective monitoring and correlating real-time threat data from firewalls, cloud assets, EDR, and AI-driven platforms like Darktrace. You'll design, tune, and optimize Splunk Enterprise Security dashboards, detection rules, and correlation searches to cut false positives while delivering rapid, high-fidelity alerts. Leveraging your experience in SOC environments, you'll lead deep incident investigations, spearhead proactive threat-hunting missions, and drive remediation priorities based on risk and business impact. Collaboration is key: you'll partner with global engineers, cloud specialists, and incident-response teams to continuously improve our security posture and document best-practice playbooks.
Responsibilities:
- Monitor and analyze security event logs from multiple sources, including firewalls, intrusion detection/prevention systems, endpoint protection platforms, servers, cloud environments, and tools like Darktrace, to identify potential threats.
- Monitor, triage, and investigate alerts and logs within the Splunk SIEM and Splunk Enterprise Security (ES) platform.
- Assist in improving SIEM processes, detection coverage, alert fidelity, and operational workflows, including creating dashboards.
- Support the onboarding and integration of logs from enterprise systems into the Splunk environment.
- Validate log source completeness, data normalization, rule logic, and alert relevance across critical systems and infrastructure.
- Perform initial analysis of security events, escalate incidents when appropriate, and assist with root cause identification.
- Conduct in-depth investigations of security incidents and recommend remediation and containment actions.
- Conduct proactive threat hunting using SIEM, EDR, CASB, and network detection tools, such as Darktrace, to identify suspicious activity that may have bypassed traditional controls.
- Tune and optimize correlation searches, detection rules, dashboards, and use cases to improve operational efficiency and reduce false positives.
- Prioritize remediation efforts based on risk, severity, and business impact.
- Participate in incident response activities and support threat hunting initiatives as needed.
- Collaborate with cross-functional teams to respond effectively to cybersecurity incidents and strengthen overall security posture.
- Create and maintain documentation for log flows, detection use cases, triage procedures, playbooks, cybersecurity processes, and operational standards.
Requirements:
- Bachelor's degree in Computer Science, Information Security, Information Assurance, or a related field; Master's degree preferred.
- 3+ years of experience in a cybersecurity operations or related security role.
- 2+ years of hands-on experience administering Splunk Enterprise Security (ES).
- Strong hands-on experience with Splunk log ingestion, data normalization, search heads, indexers, SPL query development, and dashboard optimization.
- Knowledge of detection engineering, correlation rule development, and incident response workflows.
- Proven experience in threat analysis & incident response.
- Strong understanding of security log sources, including Windows and Linux servers, firewalls, endpoint tools, cloud infrastructure, and network detection platforms, such as Darktrace.
- Experience triaging and analyzing security alerts in complex, multi-platform enterprise environments.
- Familiarity with cloud platforms such as AWS, Azure, or similar environments.
- Strong analytical, communication, and collaboration skills, with the ability to clearly present findings and recommendations.
- Ability to work effectively across diverse global teams and adapt to evolving business and technical environments.
- Curious, resilient, and data-driven, with a proactive approach to solving security challenges.
Preferred Qualifications:
- Relevant certifications such as Splunk Enterprise Security Certified Admin.
- Experience with supporting tools such as Darktrace, CrowdStrike, or Netskope is highly preferred.
- Active knowledge & experience with rule creation & executing correlation searches in Splunk.
Benefits:
Samsung SDSA offers a comprehensive suite of programs to support our employees:
- Top-notch medical, dental, vision and prescription coverage
- Wellness program
- Parental leave
- 401K match and savings plan
- Flexible spending accounts
- Life insurance
- Paid holidays
- Paid time off
- Additional benefits