BlueVoyant
Sr. Security Engineer - Splunk Enterprise Security Job at BlueVoyant in San Fran
BlueVoyant, San Francisco, CA, United States
Sr. Security Engineer - Splunk Enterprise Security
Location: Remote in the United States
US Citizenship required
BlueVoyant is currently seeking an experienced Senior Security Engineer to join our Splunk Deployment Engineering Team. In this role you will utilize your advanced knowledge of Splunk security, SIEM platforms and related technologies. You will act as a lead engineer on large and enterprise sized SIEM projects to enable our Splunk MDR offerings within customer environments and clouds; involving hands-on deployment of a comprehensive range of SIEM based security solutions and technologies. Additionally, you may participate in Microsoft Sentinel deployments, ensuring cross-training and knowledge sharing within multi-SIEM environments.
Responsibilities: Work on Splunk Enterprise and Splunk Cloud project implementations for customers (remotely), starting with design and architecture, deployment and use case tune-up.
Participate in the development of SIEM customizations to meet the customer requirements for enhancing MDR services.
Create and develop new detection, automation and reporting use cases per customer requirements.
Assess and report maturity of client SIEM and MDR deployments.
Define and assist in the creation of operational and executive security reports and dashboards.
As needed, assist with multi-SIEM environments that include Splunk, Microsoft Sentinel, and Azure technologies.
Work on MDR integration activities across the Splunk, Cribl and Microsoft Sentinel product stacks.
Be a strategic and lead technical delivery resource within a team for large and enterprise client-facing projects.
Act as a lead on the Deployment Engineering team and provide mentoring for other mid and junior level engineers.
Participate in ongoing support activities for client facing environments to help mature and maintain our MDR practices.
Identify and implement improvements around process and technical enablement.
Contribute to knowledge sharing activities, such as internal documentation, lunch and learns, public facing blogs, etc.
Qualifications: At least 8 years of technical experience with enabling security technologies.
Strong experience with Splunk Enterprise and Splunk Cloud management and configuration.
Advanced experience in Splunk Enterprise Security premium app configuration and management.
Strong experience in Splunk Search Process Language (SPL).
Knowledge and familiarity of enterprise IT systems in relation to cyber security and log management.
Hands-on engineering experience with SIEM and MDR technologies.
Excellent communication skills to work in a dynamic and fast-paced team environment.
Preferred Competencies: Strong experience in additional query languages and/or script development such as SQL, Bash PowerShell, SKQL, etc.
Experienced and comfortable in customer facing roles.
Expertise in Cloud technologies such as Azure, AWS, or GCP.
Expertise in understanding of Incident investigation and response skill sets.
Proficient in Python, bash scripting, and/or RegEx.
Proficient with navigating and supporting Linux & Windows hosts; AWS, Azure and GCP hosted infrastructure; AD, Rsyslog/Syslog-ng and other related technologies.
#J-18808-Ljbffr