Cybersecurity Incident Response Analyst

Description

Splunk, a Cisco company, is building a safer and more resilient digital world with an end-to-end full stack platform made for a hybrid, multi-cloud world. Leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable. Our customers love our technology, but it's our caring employees that make Splunk stand out as an amazing career destination. No matter where in the world or what level of the organization, we approach our work with kindness. So bring your work experience, problem-solving skills and talent, of course, but also bring your joy, your passion and all the things that make you, you. Come help organizations be their best, while you reach new heights with a team that has your back.
Role:

The Cybersecurity Incident Response Analyst works in Splunk's global, shift-based, 24/7 Security Operations Center (SOC) supporting the detection and response to cyber threats. You will have comprehensive applied knowledge of Information Security and Information Technology principles, excellent communication skills, and a desire to continuously learn and grow. We are a passionate team who has fun and enjoys a good laugh, but above all else, thinks security first!
Responsibilities:

• Support the 24x7 SOC operation: respond to security alerts, contain threats, and ensure the safety and security of Splunk's product environments
• Assist in tuning and updating detection logic in collaboration with Detection Engineering
• Improve the quality of searches to enrich data through creation of automation and orchestration playbooks
• Participate in threat hunting engagements across Splunk environments to surface sophisticated attacks and threats
• Collect and represent evidence to support the organization's compliance and control monitoring responsibilities
• Author, review, and update existing runbooks to ensure optimal and efficient response actions
• Partner with Splunk's Center of Excellence to validate existing data sources and improve data ingestion standards, ensuring data quality
• Collaborate with Splunk product teams by sharing observations and helping test security-related features
• Work closely with teammates to share knowledge and contribute to a positive and effective team environment

Requirements:

• Bachelor's degree in computer science or related field or equivalent relevant experience (2+ years)
• Familiarity with information security technologies, including firewalls, intrusion detection systems, and endpoint security tools; basic understanding of cloud and container security tools and practices is a plus
• Solid grasp of TCP/IP protocols, DNS, network analysis, and the OSI framework
• Exposure or hands-on experience with cloud platforms and technologies
• Ability to manage multiple tasks and stay organized in a fast-paced environment
• Approaches problems creatively and follows through on solutions
• Excellent interpersonal skills and ability to see situations through a Customer First lens; ability to translate sophisticated technical concepts into clear, accessible language
• Meticulous attention to detail; consistently meets high standards of quality

Splunk is an Equal Opportunity Employer

At Splunk, we believe creating a culture of belonging isn't just the right thing to do; it's also the smart thing. We prioritize diversity, equity, inclusion, and belonging to ensure our employees are supported to bring their best, most authentic selves to work where they can thrive. Qualified applicants receive consideration for employment without regard to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition, genetic information, veteran status, or any other consideration made unlawful by federal, state, or local laws. We consider qualified applicants with criminal histories, consistent with legal requirements.

Thank you for your interest in Splunk!