Cyber Security Team Lead - Threat Detection Engineering at Blackbaud
Blackbaud is seeking a high-performing Team Lead for our Threat Detection Engineering and Automation Team. This is a player/coach role with the expectation of being an individual contributor and driving the vision and strategy of our program forward. Functions will include incident response, detection and alerting, measuring team effectiveness, and understanding the trends, themes, and details of threats against Blackbaud and its customers.
What you’ll be doing:
- Provide immediate supervision and mentorship to a team of engineers and other members of the Threat Detect and Response team.
- Administer Splunk Enterprise Security, including index, sourcetype, field, CIM compliance, use case and SPL upkeep.
- Produce and Implement Security and Business use-cases in the Splunk framework, Splunk queries in SPL and XML for reports, metrics and dashboards.
- Create custom field extractions, TAs and sourcetypes.
- Troubleshoot and optimize SPL for large queries or data sets with strong knowledge of the Splunk search pipeline.
- Write applications/integrations that pull data from a source system for writing to Splunk (Python preferred).
- Generate thorough documentation on new integrations created, network flows, automation initiatives and projects and Processes/Procedures.
- Create integrations with various enterprise-level security tools and the ticketing system.
- Work directly with our detection and Incident Response teams to identify gaps in logging, alerting and areas to improve/automate.
What we are looking for:
- 5+ years designing, engineering and securing complex infrastructure architectures.
- 3+ years of direct administration experience with a Splunk Enterprise environment.
- 2+ years leading or mentoring a cyber security team or group.
- Understanding and implementation of log data flow, data formatting/normalization, logging best practices, and data forwarding between various security controls and between source systems and Splunk components.
- Direct experience with development or deployment in the cloud (AWS, Azure).
- Comfortable with tooling that demonstrates an automation mindset (Chef, Puppet, Ansible, CI/CD experience) and able to provide examples.
- Experience with the following:
- Linux administration and bash, Python, or Ruby scripting
- Implementing best practices in regards to event collection and logging in cloud infrastructure and cloud services
- Log management on different tiers of infrastructure and platform services
- Working with containerized and serverless computing platforms
- Secrets management, encryption technologies, and key management
- Splunk Certified ES Administrator or Splunk Architect certification is preferred.
If our description fits your approach to security, we’d love to chat with you about what you can do to help our mission!