Delan Associates, Inc - posted 3 months ago
Full-time • Mid Level
Lemont, IL
101-250 employees

The Splunk Detection Engineer will play an important role in ensuring that security logs are appropriately formatted, ingested, tagged, and used to detect possible security events. Typical tasks may include integrating new data sources; validating and creating appropriate configurations for CIM-compliant logs; processing requests from cybersecurity analysts for new detections within Splunk Enterprise Security; analyzing existing logs to identify poorly formatted logs and potential gaps when implementing new detections; adding and maintaining threat feeds within Splunk Enterprise Security; monitoring the performance of and tuning detections; managing asset and identity inventory within Splunk Enterprise Security; creating and maintaining new Splunk apps; recommending additions or changes to Splunk or its data models to meet detection needs; developing searches, reports, and other functionality for cyber-based use cases; assisting users with creating and optimizing searches and dashboards; and mentoring others in developing such resources well.

  • Integrate new data sources, which may include databases, APIs, files, etc.
  • Validate and create appropriate configurations for CIM-compliant logs.
  • Process requests from cybersecurity analysts for new detections within Splunk Enterprise Security.
  • Analyze existing logs to identify poorly formatted logs and potential gaps when implementing new detections.
  • Add and maintain threat feeds within Splunk Enterprise Security.
  • Monitor the performance of and tune detections.
  • Manage asset and identity inventory within Splunk Enterprise Security.
  • Create and maintain new Splunk apps.
  • Recommend additions or changes to Splunk or its data models to meet detection needs.
  • Develop searches, reports, and other functionality for cyber-based use cases.
  • Assist users with creating and optimizing searches and dashboards.
  • Attend online/Teams meetings with team and others as appropriate.
  • Work with the team to provide status on current tasks, suggest improvements, and discuss implementation.

  • Significant experience with Splunk and Splunk Enterprise Security.
  • Significant experience with event logging solutions (e.g., Splunk Universal Forwarder, syslog, Cribl).
  • Experience with ticketing/case management.
  • Experience with Git pipelines.
  • Familiarity with using Linux CLI.
  • Ability to craft queries using common languages; comfort with regex, JSON and APIs; basic scripting in Python/PowerShell/Bash.
  • Excellent analytical, problem-solving, and communication skills.
  • Strong grasp of TCP/IP, OSI model, and common protocols (HTTP, DNS, SMTP).
  • Windows/Linux/macOS fundamentals; Active Directory/Azure AD concepts; basic cloud logging.
  • Experience in system and network administration.
  • Relevant cybersecurity experience including investigations and data analysis.
  • Experience with SOAR tools and automation development.
  • Experience using identity security/management tools (e.g., Entra ID, Active Directory, Shibboleth, CrowdStrike Identity Protection).
  • Cloud security experience (e.g., CloudTrail/GuardDuty, Azure Defender/M365, GCP Security Command Center).
  • Relevant certifications (nice to have): Security+, CySA+, SSCP; Microsoft SC-200/AZ-500; Splunk Core/Enterprise Security certifications; GIAC certifications.

  • Government-furnished laptop, PIV Card, and PIV Card reader.
  • Remote work flexibility with supervisor approval.
  • Opportunity for a flexible work schedule.