Splunk Cyber Security Engineer/Architect

Remote: Full Remote

Offer summary

Qualifications:

  • Experience with Splunk configurations and alerts
  • Knowledge of security frameworks like RBA
  • Familiarity with multiple alerting platforms
  • Ability to train and assist CISO teams

Key responsibilities:

  • Implement and tune dynamic detections in Splunk
  • Develop use cases and security workflows with CISO end users
RAZOR Scaleup https://razortalent.com/
51 - 200 Employees

Job description

Splunk Service Engineer/Architect

Razor is looking for a Splunk Service Engineer/Architect. Candidates should have experience implementing dynamic detections and integrating alerting platforms with (but not limited to) Tanium, SEP, Microsoft Defender for Endpoint, Sysmon, Microsoft O365 Security alerting, Analyst1, VDI, VMware, and Linux Audit logging, in conjunction with the advanced Risk-Based Alerting (RBA) security framework. In addition, the applicant would be responsible for tuning and configuring Splunk Core and Splunk Enterprise Security (ES) services, developing use cases with CISO end users to build content, and assisting in developing advanced security use cases. The applicant would also participate in requirements gathering, solutions architecting, and the design and build of technology solutions to support the Continuous Monitoring Program; assist, train, and host workshops for CISO teams; and support off-hours and weekend efforts for incident investigations and systems maintenance.


Required skills:

    • Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool
    • Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models
    • Work with the Splunk Architect/Admin to promote private KO to Global KO
    • Assist and/or train the CISO Splunk Engineering team on Data Lifecycle Support
    • Assist, train, and/or host workshops for CISO teams and analysts on Searching and Content Development
    • Develop and implement automation to improve efficiency of CISO workflows using Splunk
    • Assist in development of advanced security use cases in Splunk
    • Develop risk rules and risk incident rules to correlate and alert to significant cyber events.
    • Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression.
    • Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted)
    • Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting
    • Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.
    • Understanding of network protocols, operating systems, applications, and device event telemetry
    • Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills.
    • Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc.) and endpoint defense tools (EDR, anti-malware) a plus
    • Experience with SaaS- or cloud-hosted Splunk implementation a plus.

Required profile

Spoken language(s):
English

Other Skills

  • Collaboration
  • Communication
  • Social Skills
