Looking for a sharp incident response engineer with threat hunting, incident response, threat management, threat intelligence and experience executing threats incident response, digital forensics threat protection. Must also have splunk experience not just as user but someone who can adjusting logs formating logs being able to customize the splunk infrastructure. Key to the job along with the inicident response splunk customize user settings customizing the splunk login page user preferences.
This hands-on technical role shares responsibilities across the team in supporting cyber threat intelligence, threat hunting, participating in incident response efforts, performing log analysis, and implementing threat protection across the enterprise.
The candidate should have an applied and in-depth understanding of security information and event management (SIEM) solutions and the logs and events needed to detect malware, attacker tactics, techniques, and procedures. In addition to having a breadth of technical experience, the candidate should have customer communication experience.
How you will make an impact:
- Work with application development teams and third-party vendors to develop data for enterprise applications in order to create appropriate logs and events
- Create logging configuration standards for all IT infrastructure and instructs IT on how to configure systems to log appropriately
- Create event dashboards and metrics and establishes threshold standards
- Perform centralized data onboarding and log ingestion into the Splunk platform to improve the visibility of security threat management at Company
- Administer Splunk Enterprise Security solution in a highly available, redundant, distributed multi-site clustered environment
- Create and optimize correlation searches for the Security Operations Center (SOC) analysts
- Assist in the operations, performance, and troubleshooting of Splunk, Search Heads, Indexers, Heavy Forwarders, Deployment Server, Splunk Apps/TAs and Data Models
- Provide recommendations and implement changes to optimize the Splunk platform
- Reproduce issues, file bug reports, and escalate cases to Splunk support as necessary
- Performs log audits and actively works to improve log management compliance
- Ensures data retention of logs and alerts meets corporate standards
- Maintain Splunk systems internal documentation, including SOP’s and design documents
- Create technical documentation related to system configurations, process, procedure, and knowledgebase articles.
- Support defensive tools and solutions that identify and stop advanced adversary tactics and techniques.
- Participate in Computer Incident Response Team (CIRT) responses to active and time-sensitive threats including communications and coordination across different teams.
- Work closely with other members of the Cyber Risk Management team to lead changes in the company's defense posture.
- 5+ years of experience in information security
- 2+ years of hands-on experience with Splunk Enterprise Security
- Certified Splunk Administrator/Enterprise Security
- Relevant security certifications (OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA)
- Experience administrating and operating Splunk in an enterprise environment
- Knowledge and experience working with the Splunk API
- Understands the security incident response discipline, including threat hunting, forensics, intrusion detection, and threat intelligence
- Experience with at least one interpreted programming language (Python, Ruby, etc.)
- Proficiency in PowerShell and/or Bash
- Understanding of TCP/IP networking, and network services such as DNS, SMTP, DHCP, etc.
- Experience in common phishing and other social engineering tactics
- Familiarity with malware, command and control channels, and attacker tactics, techniques, and procedures