Job Description:
Overview
We are looking for an experienced Senior Detection Engineer specializing in Splunk Enterprise Security (ES), Splunk SOAR, and proactive detection engineering. This role is critical to enhancing our cybersecurity posture through the development and onboarding of advanced detection use cases aimed at preventing and mitigating enterprise and product security threats, including fraud.
Key Responsibilities
Detection Engineering & Use Case Development
- Develop, deploy, and manage detection use cases in Splunk ES and SOAR for enterprise and product security operations.
- Identify and implement proactive threat detection techniques using data analytics, threat intelligence, and anomaly detection methodologies.
- Continuously evaluate and optimize existing detection capabilities to maintain effectiveness against emerging threats.
Automation & Script Development
- Develop custom automation scripts in Python to enhance Splunk SOAR playbooks and integrations.
- Automate repetitive security processes, improving operational efficiency and response time.
Threat Intelligence Integration
- Integrate and operationalize threat intelligence feeds and platforms, including Recorded Future, Rapid7 Threat Command, and Anomali, into detection workflows.
- Collaborate closely with threat intelligence analysts to refine and contextualize threat data.
Cloud Security Expertise
- Implement and enhance security monitoring and detection capabilities specific to AWS environments.
- Collaborate with cloud operations teams to ensure seamless integration of security detection capabilities with AWS infrastructure.
Incident Detection & Response
- Support security operations teams with the detection and analysis of cybersecurity incidents.
- Continuously refine detection strategies based on lessons learned from incidents and industry best practices.
Collaboration & Communication
- Work cross-functionally with cybersecurity teams, infrastructure teams, and application developers to align detection capabilities with business needs.
- Clearly communicate technical concepts and detection strategies to stakeholders of varying technical backgrounds.
Required Skills & Experience
Technical Expertise
- Strong proficiency in Splunk ES and Splunk SOAR (formerly Phantom), including playbook creation, automation workflows, and complex query development.
- Demonstrable experience in Python scripting, including development of custom automation solutions beyond standard SOAR capabilities.
- Extensive knowledge and hands-on experience with threat intelligence platforms (Recorded Future, Rapid7 Threat Command, Anomali).
- Proven expertise managing security in AWS cloud environments.
Cybersecurity Operations
- Deep understanding of cybersecurity frameworks, methodologies, and best practices in SOC environments.
- Hands-on experience in incident detection, response processes, and proactive threat mitigation strategies.
Problem Solving & Analytical Skills
- Ability to analyze complex security events and design effective detection and mitigation strategies.
- Skilled in troubleshooting, diagnosing, and resolving security detection and automation issues.
Preferred Qualifications & Certifications
- Bachelor's degree in Computer Science, Information Security, or related fields.
- Cybersecurity certifications such as CISSP, CEH, Splunk SOAR Certification, AWS Certified Security Specialty, or related certifications highly preferred.
Additional Information
- Candidates must reside in California, preferably in the Bay Area, to allow periodic visits to our Pleasanton headquarters.
- This position offers a hybrid working environment with flexible remote and onsite work expectations.