Engineer

• Integrate new data sources, which may include databases, APIs, files, etc.; Validating and creating appropriate configurations for CIM compliant logs; Processing requests from cybersecurity analysts for new detections within Splunk Enterprise Security; Analyzing existing logs to identify poorly formatted logs and potential gaps when implementing new detections; Adding and maintaining threat feeds within Splunk Enterprise Security; Monitoring the performance of and tuning detections; Managing asset and identity inventory within Splunk Enterprise Security; Creating and maintaining new Splunk apps; Recommending additions or changes to Splunk or its data models to meet detection needs; Developing searches, reports, and other functionalities for cyber-based use-cases, including active response, intrusion detection, vulnerability management, and related use cases; Assisting users with creating and optimizing searches and dashboards and mentoring others in good development of said resources; Attend online/Teams meetings with team and others as appropriate; Work with team to provide status on current task, suggest improvements, discuss implementation; Expectation/Deliverables: Capture business requirements and implement the requirements; Analyze data and perform initial planning to address identified issues; Assist with the creation of playbooks to address identified issues from analysts; Seek to understand the intention of detections and corresponding playbooks; Provide basic feedback on existing playbooks and detections; Identify telemetry quality and visibility issues (SIEM parsing/normalization, EDR/XDR sensor health, asset/identity tagging); Improved candidate: Provide advanced recommendations to address gaps in logging and detections; Create detailed and thorough testing plans; Produce clear metrics and reports (FP rate, backlog) for technical and executive audiences; Excellent candidate: Create advanced use cases for detections and map detections to MITRE; Drive continuous improvements to existing processes or tooling; Perform quality reviews and improve detections and actions; Coach, guide, teach others on the team in use of Enterprise Security

Splunk Detection Engineer

Senior Device Lab Engineer

Cyber Splunk Engineer

Senior Forward Deployed Engineer

Quality Process Engineer

Process Engineer – Service Delivery