Splunk Detection Engineer
Overview
Splunk Detection Engineer (Level IV or Strong Level III)
12+ months • Fully Remote
Scope: The Splunk Detection Engineer will play an important role in ensuring that security logs are appropriately formatted, ingested, tagged, and used to detect possible security events.
Typical tasks may include:
- Integrating new data sources, which may include databases, APIs, files, etc. This may involve setting standards and working with IT administrators to update their configurations
- Validating and creating appropriate configurations for CIM-compliant logs
- Processing requests from cybersecurity analysts for new detections within Splunk Enterprise Security
- Analyzing existing logs to identify poorly formatted logs and potential gaps when implementing new detections
- Adding and maintaining threat feeds within Splunk Enterprise Security
- Monitoring the performance of detections and tuning them
- Managing the asset and identity inventory within Splunk Enterprise Security
- Creating and maintaining new Splunk apps
- Recommending additions or changes to Splunk or its data models to meet detection needs
- Developing searches, reports, and other functionality for cyber use cases, including active response, intrusion detection, vulnerability management, and related use cases
Responsibilities
- Carry out activities to ensure proper formatting, ingestion, tagging, and utilization of security logs for detection of events
- Collaborate with cybersecurity analysts and IT teams to implement detections and data models
- Develop and maintain detections, searches, and dashboards in Splunk Enterprise Security
- Drive continuous improvement of processes, data quality, and tooling related to Splunk
- Provide guidance and knowledge transfer to team members on Splunk Enterprise Security usage
Qualifications
Minimum Qualifications:
- Significant experience with Splunk and Splunk Enterprise Security
- Significant experience with event logging solutions (e.g., Splunk Universal Forwarder, syslog, Cribl)
- Experience with ticketing/case management
- Experience with Git pipelines
- Familiarity with the Linux CLI
- Ability to craft queries using common languages; comfort with regex, JSON, and APIs; basic scripting in Python/PowerShell/Bash
- Excellent analytical, problem-solving, and communication skills with stakeholders, peers, and internal customers; able to operate under pressure in a shift or on-call environment
Preferred Additional Qualifications:
- Strong grasp of TCP/IP, the OSI model, and common protocols (HTTP, DNS, SMTP); Windows/Linux/macOS fundamentals; Active Directory/Azure AD concepts; basic cloud logging
- Experience in system and network administration
- Relevant cybersecurity experience, including investigations and data analysis
- Experience with SOAR tools and automation development
- Experience using identity security/management tools (e.g., Entra ID, Active Directory, Shibboleth, CrowdStrike Identity Protection)
- Cloud security experience (e.g., CloudTrail/GuardDuty, Azure Defender/M365, GCP Security Command Center)