NO SPONSORSHIP
Security Incident Response Engineer / Splunk Administrator
Salary: $130-$140k + 20 percent bonus
Location: 100% Remote
Looking for a Security Incident Response Engineer / Splunk Administrator with threat hunting, incident response, threat management, threat intelligence. You will be executing threats incident response, digital forensics threat protection. Must also have splunk administration experience not just as user. Key to the job along with the incident response, splunk customize user settings, customizing the splunk.
- Must have Splunk/ES Administration experience
- Splunk Certification
POSITION SUMMARY
You will provide content, conclusions, and actionable recommendations to mitigate risk and stop attackers cold.
The candidate should have an applied and in-depth understanding of security information and event management (SIEM) solutions and the logs and events needed to detect malware, attacker tactics, techniques, and procedures. In addition to having a breadth of technical experience, the candidate should have customer communication experience.
How you will make an impact:
- Work with application development teams and third-party vendors to develop data for enterprise applications in order to create appropriate logs and events
- Create logging configuration standards for all IT infrastructure and instructs IT on how to configure systems to log appropriately
- Create event dashboards and metrics and establishes threshold standards
- Perform centralized data onboarding and log ingestion into the Splunk platform to improve the visibility of security threat management at Company
- Administer Splunk Enterprise Security solution in a highly available, redundant, distributed multi-site clustered environment
- Create and optimize correlation searches for the Security Operations Center (SOC) analysts
- Assist in the operations, performance, and troubleshooting of Splunk, Search Heads, Indexers, Heavy Forwarders, Deployment Server, Splunk Apps/TAs and Data Models
- Provide recommendations and implement changes to optimize the Splunk platform
- Reproduce issues, file bug reports, and escalate cases to Splunk support as necessary
- Performs log audits and actively works to improve log management compliance
- Ensures data retention of logs and alerts meets corporate standards
- Maintain Splunk systems internal documentation, including SOP’s and design documents
- Create technical documentation related to system configurations, process, procedure, and knowledgebase articles.
- Support defensive tools and solutions that identify and stop advanced adversary tactics and techniques.
- Participate in Computer Incident Response Team (CIRT) responses to active and time-sensitive threats including communications and coordination across different teams.
- Work closely with other members of the Cyber Risk Management team to lead changes in the company’s defense posture.
What we look for:
- 5+ years of experience in information security – Incident Response
- 2+ years of hands-on experience with Splunk Enterprise Security
- Certified Splunk Administrator/Enterprise Security
- Relevant security certifications
- Experience administrating and operating Splunk in an enterprise environment
- Knowledge and experience working with the Splunk API
- Understands the security incident response discipline, including threat hunting, forensics, intrusion detection, and threat intelligence
- Experience with at least one interpreted programming language (Python, Ruby, etc.)
- Proficiency in PowerShell and/or Bash
- Understanding of TCP/IP networking
- Experience in common phishing and other social engineering tactics
- Familiarity with malware, command and control channels, and attacker tactics, techniques, and procedures
- Heavy Security Incident Response experience