Tech Stack
Cloud, Firewalls, Perl, PHP, Python, SDLC, Splunk
About the role
- Lead the deployment and configuration of Microsoft Sentinel to monitor security events across a diverse infrastructure
- Integrate and onboard different data sources (e.g., firewalls, servers, endpoints, cloud platforms) into Microsoft Sentinel for comprehensive security monitoring
- Oversee the collection, parsing, and normalization of logs for security event analysis, ensuring comprehensive and accurate data ingestion
- Develop alerts, reports, data models, dashboards, and connectors to support custom user requirements and continuous security monitoring
- Build and optimize playbooks within Microsoft Sentinel to automate common security workflows and incident response procedures
- Use Microsoft Sentinel's capabilities to conduct proactive threat hunting, identify the latest attack patterns, and build custom detection rules
- Collaborate with Incident Response, Threat Intelligence, Threat Hunting, Infrastructure, and Cloud teams to ensure comprehensive and seamless security coverage across all environments, both on-premises and in the cloud
- Develop recommendations in collaboration with other team members to maximize enterprise capabilities in prevention, detection, analysis, containment, eradication, and recovery from cyber-attacks
- Leverage automation and orchestration solutions to automate repetitive tasks
- Stay up to date with the latest security threats, trends, and tools, and incorporate new insights into the Sentinel environment for improved protection
Requirements
- Bachelor's Degree or Equivalent Years of Relevant Work Experience
- Legal authorization to work in the U.S. We will not sponsor individuals for employment visas, now or in the future, for this job opening.
- Typically requires a minimum of 5 years of experience in the Information Security field
- 5+ years of hands-on experience with SIEM and UEBA solutions, specifically Microsoft Sentinel or Splunk
- Hands-on experience with Cribl or similar data pipeline tools to manage, enrich, and route security telemetry for improved visibility and SIEM efficiency
- Microsoft Sentinel certifications
- Understanding of log collection methodologies and aggregation techniques such as Syslog, NXlog, Windows Event Forwarding
- Strong knowledge of at least one programming or scripting language (e.g., Python, PowerShell, PHP, Perl)
- Understanding of security models and frameworks (e.g., MITRE ATT&CK, MITRE D3FEND, Cyber Kill Chain (CKC))
- Demonstrated experience providing customer-focused solutions, support, or service
- Security certifications (Security+, GSEC, GCIH, GCIA, CISSP, NCSF, etc.)
- Familiarity with Risk-Based Alerting (RBA) frameworks and their implementation
- Experience architecting, planning, deploying, and using SIEM or UEBA platforms
- Experience integrating or using endpoint security and host-based intrusion detection solutions
- Demonstrated experience in one of the following fields: Cyber Threat Intelligence, Incident Response, or Computer Forensics
- Strong preference for candidates with solid knowledge of one or more programming or scripting languages such as PHP, Perl, Python, or PowerShell