Threat Detection Engineer (Splunk Developer)

Role Responsibilities:

• Interact with various customers to capture and define requirements for the development and testing of threat detection capabilities.
• Collaborate with the log source onboarding team to ensure correct log source onboarding and log mapping to data models according to Splunk standard processes.
• Develop, tune, and continuously improve correlation rules.
• Develop and maintain dashboards, reports, and alerts.
• Create Splunk Knowledge Objects to address customer needs in the context of using Splunk as a security tool.
• Prepare correlation search tests, conduct tests, and document evidence showing that correlation searches address scenarios described in use cases.
• Responsible for creating procedures, high-level/low-level documentation, implementing processes, and developing staff in relation to SIEM detection logic.
• Coach a team from a technical perspective; review work outputs and provide quality assurance.
• Analyze and identify areas of improvement within existing processes, procedures, and documentation.
• Demonstrate how to use SIEM & Enterprise Security products to both technical and non-technical personnel.
• Provide expert technical advice and counsel in the design, monitoring, and improvement of SIEM security systems.
• Prioritize and coordinate the backlog of threat detection requests, ensuring a healthy balance between defect resolution and new features.

Qualifications:

• In-depth experience in the development and maintenance of SIEM use cases.
• Fluent in Splunk’s search processing language (SPL).
• Excellent knowledge of Splunk Enterprise and Splunk Enterprise Security.
• Sound knowledge of Splunk Common Information Model and log normalization using Data Models.
• Solid understanding of cybersecurity technologies, protocols, and applications.
• Excellent English communication skills (written and oral).

Nice to Have:

• Splunk Core Certified (Advanced) Power User.
• Splunk Certified Developer.
• Splunk Enterprise Certified Admin.
• Splunk Enterprise Security Certified Admin.
• Any other Security Certifications (e.g., CEH, GIAC, CISSP, OSCP).

Soft Skills:

• Strong analytical skills to evaluate complex multivariate problems and find a systematic approach to gain a quick resolution, often under stress.
• Strong problem-solving, documentation, process execution, time management, and organizational skills.
• Ability to communicate complex information, concepts, or ideas confidently and well-organized through verbal, written, and/or visual means.
• Fast and independent learner, with ambition to self-improve.
• Comfortable in a fast-changing environment, flexible and pragmatic, open-minded.
• Accurate, with attention to detail.
• Client-focused and delivery-oriented.
• A team-focused mentality with the ability to work and collaborate effectively in a team environment.
• Good leadership and communication skills, whether on the field, in the team, or with management; a keen team player who coordinates work among people from different areas or divisions.
• A good relationship builder with strong diplomacy skills.
• Ability to work autonomously.

Remote Working:

A minimum office presence of eight days per month is required.