This Job Vacancy has Expired!

Security Incident Response/Pen Tester Engineer/Splunk Administrator (R

Request Technology - Robyn Honquest

Posted on Nov 19, 2020 by Request Technology - Robyn Honquest

Not Specified, PR
Immediate Start
$140k - $180k Annual

Security Incident Response Engineer/Splunk Administrator

Location: Remote

Looking for a candidate with BOTH incident response AND Splunk administration experience. You will have experience with threat hunting, incident response, threat management, threat intelligence and executing incident response to active threats. Must also have Splunk administration experience: someone who can adjust and format logs and customize the Splunk infrastructure.

  • Must have Splunk/ES Administration experience
  • Certified Splunk Administrator/Enterprise Security

This position is responsible for the onboarding and ingestion of logs and events to support all aspects of security threat management for Company. This hands-on technical role shares responsibilities across the team in supporting cyber threat intelligence, threat hunting, participating in incident response efforts, performing log analysis, and implementing threat protection across the enterprise.

  • Work with application development teams and third-party vendors to develop data for enterprise applications in order to create appropriate logs and events
  • Create logging configuration standards for all IT infrastructure and instruct IT on how to configure systems to log appropriately
  • Create event dashboards and metrics and establish threshold standards
  • Perform centralized data onboarding and log ingestion into the Splunk platform to improve the visibility of security threat management at Company
  • Administer Splunk Enterprise Security solution in a highly available, redundant, distributed multi-site clustered environment
  • Create and optimize correlation searches for the Security Operations Center (SOC) analysts
  • Assist in the operations, performance, and troubleshooting of Splunk, Search Heads, Indexers, Heavy Forwarders, Deployment Server, Splunk Apps/TAs and Data Models
  • Provide recommendations and implement changes to optimize the Splunk platform
  • Reproduce issues, file bug reports, and escalate cases to Splunk support as necessary
  • Perform log audits and actively work to improve log management compliance
  • Ensure data retention of logs and alerts meets corporate standards
  • Maintain Splunk systems internal documentation, including SOPs and design documents
  • Create technical documentation related to system configurations, processes, procedures, and knowledgebase articles
  • Support defensive tools and solutions that identify and stop advanced adversary tactics and techniques
  • Participate in Computer Incident Response Team (CIRT) responses to active and time-sensitive threats, including communications and coordination across different teams
  • Work closely with other members of the Cyber Risk Management team to lead changes in the company's defense posture.

What we look for:

  • 5+ years of experience in information security, incident response and pen testing
  • 2+ years of hands-on experience with Splunk Enterprise Security
  • Certified Splunk Administrator/Enterprise Security
  • Relevant security certifications (OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA)
  • Experience administering and operating Splunk in an enterprise environment
  • Knowledge and experience working with the Splunk API
  • Understands the security incident response discipline, including threat hunting, forensics, intrusion detection, and threat intelligence
  • Experience with at least one interpreted programming language (Python, Ruby, etc.)
  • Proficiency in PowerShell and/or Bash
  • Understanding of TCP/IP Networking, and network services such as DNS, SMTP, DHCP, etc.
  • Experience in common phishing and other social engineering tactics
  • Familiarity with malware, command and control channels, and attacker tactics, techniques, and procedures
  • Teamwork and ability to promote a working environment that increases collaboration, predictability, transparency and promotes a culture of experimentation and innovation
  • Effective and consistent collaboration through available mediums that enable remote team communication
  • Ability to work effectively in a diverse team and promote team diversity

Reference: 1011368894
