Qualifications

• Several years of hands-on experience with Splunk, specifically in Enterprise Security (ES) implementation and content development.
• Strong proficiency in SPL (Search Processing Language) and regular expressions for data manipulation.
• Experience with scripting languages like Python, Perl, or Bash for automation tasks.
• In-depth understanding of the Common Information Model (CIM) and data onboarding processes at scale.
• Familiarity with supporting clustered Splunk environments in Security Operations Center (SOC) or Network Operations Center (NOC) settings.
• Experience in SIEM data modeling on a large scale.
• Linux proficiency including editing and maintaining Splunk configuration files.

Responsibilities

• Develop custom detection content including correlation searches and alerts to identify security threats.
• Build and maintain Splunk Apps and Technology Add-ons (TAs) to enhance functionality.
• Onboard and normalize new data sources according to the Common Information Model (CIM).
• Optimize data flow and ingestion processes through aggregation and filtering techniques.
• Configure notable event actions and adaptive responses for efficient incident management.
• Tune detection mechanisms to reduce unnecessary noise and enhance alert relevance.
• Create dashboards to visualize anomalies, trends, and key security metrics.

Benefits

• Remote work flexibility, enabling a work-from-home lifestyle.
• Opportunity to work on cutting-edge security technology and platforms.
• Collaborative environment partnering with client security and SOC teams.
• Opportunity to sharpen skills in a rapidly evolving field of cybersecurity.