Security Incident Response Engineer with splunk - REMOTE
Posted on Jul 11, 2020 by Request Technology - Robyn Honquest
Security Incident Response Engineer
Salary: $100-120k flex + 20 percent bonus
Looking for a sharp incident response engineeer with threat hunting, incident response, threat management, threat intelligence. digital forensics and threat protection. Must also have splunk experience -not just as user but someone who can adjust logs, format logs and able to customize the splunk infrastructure. Key to the job along with the inicident response is heavy splunk and experiene customizing user settings.
The Security Incident Response Logging and Event Engineer is responsible for building, maintaining, and improving the engine that powers large-scale security threat management capabilities that protect, detect, and respond to emerging threats and sophisticated attacks on enterprise networks. The person in this role onboards, ingests, reviews, and analyzes large and highly complex datasets and information to provide content, conclusions, and actionable recommendations to mitigate risk and stop attackers cold.
- Work with application development teams and third-party vendors to develop data for enterprise applications in order to create appropriate logs and events
- Create logging configuration standards for all IT infrastructure and instructs IT on how to configure systems to log appropriately
- Create event dashboards and metrics and establishes threshold standards
- Perform centralized data onboarding and log ingestion into the Splunk platform to improve the visibility of security threat management at Company
- Administer Splunk Enterprise Security solution in a highly available, redundant, distributed multi-site clustered environment
- Create and optimize correlation searches for the Security Operations Center (SOC) analysts
- Assist in the operations, performance, and troubleshooting of Splunk, Search Heads, Indexers, Heavy Forwarders, Deployment Server, Splunk Apps/TAs and Data Models
- Provide recommendations and implement changes to optimize the Splunk platform
- Reproduce issues, file bug reports, and escalate cases to Splunk support as necessary
- Performs log audits and actively works to improve log management compliance
- Ensures data retention of logs and alerts meets corporate standards
- Maintain Splunk systems internal documentation, including SOP's and design documents
- Create technical documentation related to system configurations, process, procedure, and knowledgebase articles.
- Support defensive tools and solutions that identify and stop advanced adversary tactics and techniques.
- Participate in Computer Incident Response Team (CIRT) responses to active and time-sensitive threats including communications and coordination across different teams.
- Work closely with other members of the Cyber Risk Management team to lead changes in the company's defense posture.
- 5+ years of experience in information security
- 2+ years of hands-on experience with Splunk Enterprise Security
- Certified Splunk Administrator/Enterprise Security
- Relevant security certifications (OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA)
- Experience administrating and operating Splunk in an enterprise environment
- Knowledge and experience working with the Splunk API
- Understands the security incident response discipline, including threat hunting, forensics, intrusion detection, and threat intelligence
- Experience with at least one interpreted programming language (Python, Ruby, etc.)
- Proficiency in PowerShell and/or Bash
- Understanding of TCP/IP Networking, and network services such as DNS, SMTP, DHCP, etc.
- Experience in common phishing and other social engineering tactics
- Familiarity with malware, command and control channels, and attacker tactics, techniques, and procedures