Remote Splunk Content Engineer

Posted: 9 days ago. Location: United States. Salary: undisclosed.


Job Description

No C2C or subvendors allowed for this position. TEKsystems is currently looking to hire a Level 3 Splunk Content Engineer with previous Security Operations Center (SOC) experience.


The Level 3 Splunk Content Engineer will be a key member of the SIEM and Content Engineering team, providing technical leadership and expertise to a Cyber Security Operations Center. This role is also responsible for supporting architecture changes, tool deployments and advanced content development.


Essential Functions:


• Provide thought leadership for all design, implementation, and maintenance activities related to the SIEM and IDS/IPS platforms.

• Create, optimize, and continuously evaluate security monitoring content on the SIEM.

• Design and create new detection techniques and improve/tune existing ones.

• Identify gaps in existing security detection capabilities.

• Develop advanced use cases to detect threats targeting on-prem and cloud environments, both use cases from the detection roadmap and use cases derived from threat hunting.

• Recommend and assist in technology evaluations and implementations.

• Stay current with new threats. Analyze attacker tactics, techniques and procedures (TTPs) from security events.

• Configure incident response and remediation workflows for Splunk Enterprise Security (ES) and SOAR products.

• Develop and implement actionable alerts and workflows for Splunk.

• Develop and implement apps and knowledge objects (KOs) such as dashboards, reports and data models.

• Provide analyst training and workshops on using Splunk.

• Review new content, alerts and data sources.

• Recognize and onboard new data sources into Splunk, analyze the data for parsing so that it is CIM (Common Information Model) compliant, then build use cases on it to fulfill stakeholder requirements.

• Create and update documentation and playbooks.

• 24/7 on-call support (as needed).

• Develop SOAR playbooks to optimize SOC and IR processes.


Qualifications:

• Minimum 3 years with Splunk ES or other SIEM solutions, with experience designing, implementing, and maintaining a fully operational SIEM.

• Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP and other network and system monitoring tools.

• Proficiency in one or more programming/scripting languages; experience with Python, SQL and PowerShell is strongly preferred.

• Strong knowledge of information security concepts, trends, and practices.

• Working knowledge of various network and security systems.

• Familiarity with basic statistics/probability and Big Data analytics techniques.

• Splunk certification (Admin or Architect) is preferred.

• Experience developing SOAR playbooks/recipes (Phantom, Demisto) is required.

• Experience developing detection monitoring for cloud environments (AWS, Azure, Prisma Cloud) is preferred.



Skills:

splunk, splunk enterprise, soc, automation, scripting



Top Skills Details:

-Minimum 3 years with Splunk ES or other SIEM solutions, with experience designing, implementing, and maintaining a fully operational SIEM.

-Content development experience: getting logs into Splunk, building use cases to detect threats on-prem and in the cloud, building content around data, data modeling, and onboarding new data sources into Splunk.

-SOAR and/or automation experience, developing playbooks and recipes with tools such as Phantom, Demisto, or RSA SOAR.

-Establishing security controls on-prem and in the cloud.



Additional Skills & Qualifications:

-100% Remote

-Past experience working in a SOC is not required but is nice to have, since it means the content and data this person manipulates would also be understood from a cyber security perspective.



Experience Level:

Expert Level
About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.