Security Engineer - SIEM (Splunk) Platform & Operations

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, Information Assurance, or a related field; Master’s degree preferred.
• 3+ years of experience in a cybersecurity operations or related security role.
• 2+ years of hands-on experience administering Splunk Enterprise Security (ES).
• Strong hands-on experience with Splunk log ingestion, data normalization, search heads, indexers, SPL query development, and dashboard optimization.
• Knowledge of detection engineering, correlation rule development, and incident response workflows.
• Proven experience in threat analysis & incident response.
• Strong understanding of security log sources, including Windows and Linux servers, firewalls, endpoint tools, cloud infrastructure, and network detection platforms, such as Darktrace.
• Experience triaging and analyzing security alerts in complex, multi-platform enterprise environments.
• Familiarity with cloud platforms such as AWS, Azure, or similar environments.
• Strong analytical, communication, and collaboration skills, with the ability to clearly present findings and recommendations.
• Ability to work effectively across diverse global teams and adapt to evolving business and technical environments.
• Curious, resilient, and data-driven, with a proactive approach to solving security challenges.

Nice To Haves

• Relevant certifications such as Splunk Enterprise Security Certified Admin.
• Experience with supporting tools such as Darktrace, Crowdstrike, or Netskope are highly preferred
• Active knowledge & experience with rule creation & executing correlation searches in Splunk.

Responsibilities

• Monitor and analyze security event logs from multiple sources, including firewalls, intrusion detection/prevention systems, endpoint protection platforms, servers, cloud environments, and tools like Darktrace, to identify potential threats.
• Monitor, triage, and investigate alerts and logs within the Splunk SIEM and Splunk Enterprise Security (ES) platform.
• Assist in improving SIEM processes, detection coverage, alert fidelity, and operational workflows including creating dashboards
• Support the onboarding and integration of logs from enterprise systems into the Splunk environment.
• Validate log source completeness, data normalization, rule logic, and alert relevance across critical systems and infrastructure
• Perform initial analysis of security events, escalate incidents when appropriate, and assist with root cause identification.
• Conduct in-depth investigations of security incidents and recommend remediation and containment actions.
• Conduct proactive threat hunting using SIEM, EDR, CASB, and network detection tools, such as Darktrace, to identify suspicious activity that may have bypassed traditional controls.
• Tune and optimize correlation searches, detection rules, dashboards, and use cases to improve operational efficiency and reduce false positives.
• Prioritize remediation efforts based on risk, severity, and business impact.
• Participate in incident response activities and support threat hunting initiatives as needed.
• Collaborate with cross-functional teams to respond effectively to cybersecurity incidents and strengthen overall security posture.
• Create and maintain documentation for log flows, detection use cases, triage procedures, playbooks, cybersecurity processes, and operational standards.

Benefits

• Top-notch medical, dental, vision and prescription coverage
• Wellness program
• Parental leave
• 401K match and savings plan
• Flexible spending accounts
• Life insurance
• Paid Holidays
• Paid Time off
• medical, dental, and vision insurance
• a 401(k) plan and company match
• short-term and long-term disability coverage
• basic life insurance
• wellbeing benefits
• up to 10 scheduled paid holidays
• Paid Time Off