
Cybersecurity Engineer - Splunk SME

August 16


phia, LLC

Trusted with solving the complex challenges facing our connected world

Cybersecurity • Cyber Operations • Cyber Analysis • Intrusion Detection/Prevention • Incident Response

11 - 50

Description

• Oversee day-to-day operations of the SIEM within the organization.
• Design, deploy, and configure SIEM solutions (e.g. Splunk, Microsoft Sentinel (formerly Azure Sentinel), IBM QRadar) to meet evolving security needs.
• Optimize SIEM processes for efficient and effective log collection, and apply event management best practices.
• Support security analysts in threat identification, event detection, and information management.
• Plan, implement, and manage the full data lifecycle for the Splunk infrastructure (data ingestion, compression, indexing, archiving, etc.).
• Manage correlation rules, filters, alerts, report generation, security content development and delivery, health checks, and performance tuning.
• Perform security assessments and audits, and ensure regulatory compliance.
• Apply proficiency in networking concepts, system administration, security fundamentals, and access controls to SIEM deployment and optimization.
• Implement effective logging mechanisms and data collection methodologies to support SIEM operations.
• Use technical knowledge across multiple domains to configure, maintain, and enhance the SIEM solution.
• Work with the SIEM team to fine-tune components, analyze complex issues, and provide solutions in the SIEM environment.
• Coordinate with SOC monitoring, detection, and analysis teams and with incident response teams.
• Provide mentorship and direction to junior team members.

Requirements

• High school diploma + 16 years of relevant experience, or
• AA/AS + 14 years of relevant experience, or
• BA/BS + 12 years of relevant experience, or
• MA/MS + 10 years of relevant experience
• Experience managing and optimizing Splunk architecture components such as search heads, indexers, heavy forwarders, universal forwarders, and clusters.
• Ability to understand and configure Splunk indexing processes, including hot/warm/cold buckets and data models.
• Ability to develop regular expressions (regex) for data parsing and field extractions using props.conf and transforms.conf.
• Ability to design and implement large-scale data ingestion pipelines via APIs, syslog, and universal forwarders.
• Ability to troubleshoot and tune Splunk deployments for performance and stability, drawing on deep Linux systems knowledge.
• Experience building advanced data models and pivot interfaces for complex data analysis.
• Ability to develop and optimize SIEM content and processes, including managing correlation rules, filters, alerts, and report generation.
• Proficiency in scripting languages (e.g., Python, PowerShell) and in automating tasks in a SIEM ecosystem.
• Strong understanding of networking and operating system administration fundamentals.


Built by Lior Neu-ner. I'd love to hear your feedback — Get in touch via DM or lior@remoterocketship.com