Splunk UBA Engineer

Title: Splunk UBA Engineer

Location: On-site in Doral, FL 33172

Duration/Type of Job: 2 months

MUST HAVE SECRET CLEARANCE

Job Title: Splunk UBA Engineer

We are seeking an experienced and analytical Splunk UBA Engineer to implement, optimize, and maintain our User Behavior Analytics (UBA) platform. In this role, you will use behavioral modeling and machine learning capabilities in Splunk UBA to identify insider threats, compromised accounts, data exfiltration, and other advanced attack techniques. You will work closely with SOC analysts, engineers, and data owners to turn user activity data into actionable intelligence and risk-based threat detections.

Key Responsibilities

Deploy, configure, and maintain the Splunk UBA platform, including data ingestion, normalization, and threat model tuning.
Deploy UBA cluster designing the build
Ingest and map logs from various sources (e.g., Active Directory, VPN, firewalls, proxy, endpoint, etc.) into UBA.
Develop and refine behavioral baselines and anomaly detection models to identify suspicious or malicious activity.
Tune and customize threat models to align with organizational risks and reduce false positives.
Collaborate with the SOC and threat detection teams to operationalize UBA detectionsthrough risk scoring, notable events, and incident response workflows.
Build and maintain dashboards, entity timelines, and investigative tools within UBA to support threat hunting and investigations.
Integrate UBA output with Splunk Enterprise Security (ES) or SOAR platforms for automated response and triage.
Continuously evaluate new data sources, use cases, and detection strategies to enhance UBA capabilities.
Document procedures, configurations, and threat model customizations.