Information Security Engineer

The SOC and Security Engineering teams are looking for an experienced professional to support Splunk Enterprise Security (ES) and manage infrastructure. This role is crucial for accelerating the onboarding of new log sources and optimizing the use of Splunk’s ES capabilities.

Key Responsibilities:

• Data Normalization and Mapping: Normalize and map ingested data to Splunk and industry-standard Common Information Models (CIM).
• Enhancing Threat Detection: Align data with best practices and leverage Splunk’s advanced security features to enhance threat detection capabilities.
• Log Integration: Ensure seamless integration of diverse log sources to enrich the security ecosystem and improve organizational readiness for emerging threats.
• Infrastructure Resilience: Strengthen infrastructure resilience and enable robust monitoring to ensure high availability and performance of Splunk environments.
• Pipeline Migration: Migrate logging pipelines from Cribl to Observo.
• Security Data Lake: Design, build, and optimize a security data lake to enable scalable data ingestion, storage, and analysis, enhancing threat detection and incident response capabilities.

This role is vital in enabling the team to fully utilize Splunk ES for more robust and proactive security operations. The team has made significant progress in enhancing Splunk capabilities and aims to build on this momentum.

Key Job Functions:

• Hands-on experience with Splunk Enterprise Security.
• Splunk platform design experience for large-scale and distributed deployments.
• Establishes best practices and development standards, ensuring team adoption.
• Maintains a close partnership with Splunk on feature requests, upgrade planning, and product roadmap alignment.
• Improves Splunk search and indexing performance.
• Develops and customizes Splunk apps and dashboards.
• Implements integration with external systems.
• Builds advanced visualizations.
• Manages Splunk platform infrastructure and configuration.
• Provides day-to-day operational and user support.
• Executes new projects as well as data and user onboarding.
• Promotes advanced searching, forensics, and analytics.
• Develops creative solutions to complex problems.
• Staffs the help desk for search-related assistance.
• Manages data onboarding and configurations.
• Performs data interpretation, classification, and enrichment.
• Builds data models.
• Manages knowledge objects (field extractions, tags, event types, lookups, aliases, macros, etc.).
• Configures summary-based reports and data model acceleration.

Must Have:

• Infrastructure As Code (IaC)
• Splunk Administration
• Splunk Enterprise Security

Nice To Have:

• Cribl
• Observo