Senior Security Engineer
Are you a hardworking and highly motivated Security Engineer looking to join a thriving Security Operations Team? If so, this opportunity could be a great fit for you. In this role you will be responsible for detecting, analyzing and remediating any security events, issues and incidents presented to Vrbo and its networks. You want to work here because you have a strong affinity for Splunk and a desire to work in the cyber security field.
- Manage, maintain and expand/design an on-premise Splunk Enterprise / Enterprise Security deployment.
- Coordinate all aspects of Splunk event collection and forwarding.
- Administer Splunk Enterprise and Enterprise Security, including indexes, sourcetypes, fields, CIM compliance, ES use cases and SPL upkeep.
- Implement Security and Business use-cases in the Splunk framework.
- Handle syslog configurations and forwarding.
- Build custom dashboards, reports, and alerts within Splunk.
- Design and implement high-level strategies.
- Proven experience creating complex Splunk queries in SPL and XML for reports and dashboards.
- Ability to troubleshoot and optimize SPL for large queries or data sets, with strong knowledge of the Splunk search pipeline.
- Understanding and implementation of log data flows between source systems and Splunk components.
- Ability to write applications that pull data from a source system for writing to Splunk (Python preferred).
- Ability to create custom field extractions, TAs and sourcetypes.
- 5+ years of direct administration experience with an on-premise clustered Splunk Enterprise environment.
- 3+ years designing, engineering and securing complex infrastructure architectures.
- 1+ years working in a cyber security org or team (preferably Security Operations).
- Direct experience with development or deployment in the cloud (AWS, Azure, GCP).
- Comfortable with tooling that demonstrates an automation mindset: Chef, Puppet, Ansible, CI/CD experience, and can provide examples.
- Experience with Linux administration and bash, Python, or Ruby scripting.
- Experience implementing standard methodologies for event collection and logging in cloud infrastructure and cloud services.
- Experience in log management on different tiers of infrastructure and platform services.
- Experience working with containerized and serverless computing platforms.
- Experience in secrets management, encryption technologies, and key management.
- Splunk Certified Administrator or Architect certification is preferred.