Team Lead - Threat Detection Engineering and Automation
What you’ll be doing:
Provide immediate supervision and mentorship to a team of engineers and other members of the Threat Detection and Response team.
Administer Splunk Enterprise Security, including indexes, sourcetypes, fields, CIM compliance, use cases and SPL upkeep
Create and implement security and business use cases in the Splunk framework
Create Splunk queries in SPL and XML for reports, metrics and dashboards
Create custom field extractions, TAs (technology add-ons) and sourcetypes
Troubleshoot and optimize SPL for large queries or data sets with strong knowledge of the Splunk search pipeline
Write applications/integrations that pull data from a source system for writing to Splunk (Python preferred)
Create thorough documentation for new integrations, network flows, automation initiatives and projects, and processes/procedures
Create integrations with various enterprise-level security tools and the ticketing system
Work directly with our detection and incident response teams to identify gaps in logging and alerting, and areas to improve or automate
What we are looking for:
5+ years designing, engineering and securing complex infrastructure architectures
3+ years of direct administration experience with a Splunk Enterprise environment
2+ years leading or mentoring a cyber security team or group
Understanding and implementation of log data flow, data formatting/normalization, logging best practices, and data forwarding between various security controls and between source systems and Splunk components
Direct experience with development or deployment in the cloud (AWS, Azure)
Comfortable with tooling that demonstrates an automation mindset (Chef, Puppet, Ansible, CI/CD), with examples you can share
Experience with Linux administration and bash, Python, or Ruby scripting
Experience implementing best practices for event collection and logging in cloud infrastructure and cloud services
Experience in log management on different tiers of infrastructure and platform services
Experience working with containerized and serverless computing platforms
Experience in secrets management, encryption technologies, and key management
Splunk certified ES Administrator or Splunk Architect certification is preferred
If that description fits your approach to security, we’d love to chat with you about what you can do to help our mission!