Conexess – Conexess Design Skip to main content

Career Opportunities

Splunk/SIEM Engineer (Remote)

Job Title
Splunk/SIEM Engineer (Remote)
Job ID
27708469
Work From Home
Yes
Location
Pittsburgh,  PA 15275
Other Location
Description
Our History: 
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.

Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.

Conexess Group is aiding a large healthcare client in their search for a Security Engineer in a remote capacity. This is a long-term opportunity with a competitive compensation package.

Responsibilities:
  • Understand data feeds of various security tools and logs that feed the SIEM & UBA technologies. Ability to identify capabilities and quality of these feeds and recommend improvements.
  • Ability to craft new content use cases based on: threat intelligence, analyst feedback, available log data, and previous incidents.
  • Create cost effective SPLUNK ES content
  • Perform day to day activities of the content life cycle, including creating new use cases, testing content; tuning, and removing content; and maintain associated documentation.
  • Work with the other security teams and product SMEs to identify gaps within the existing analytical capability.
  • Development of parsers/field extractions to facilitate reliable content development.
  • Development of custom scripts as required to augment default SIEM functionality.
  • Participate in root cause analysis on security incidents and provide recommendations for future detection.
  • Create, implement, and maintain novel analytic methods and techniques for content incident detection.
  • Ensure documentation for content is available on team confluence or other tracking mechanism- specifically including content roadmap and documentation on current content.
  • 30% creating/tuning content (must have knowledge of this)
  • 20% documentation
  • 50% validating content for project (We are replacing Qradar and Splunk on-prem with Splunk cloud)
Qualifications: 
  • 4+ years of experience supporting a Splunk Enterprise Security developing correlations, notables and dashboards.
  • Excellent knowledge of security methodologies, processes (i.e., Cyber Kill Chain/Diamond Models, and the MITRE ATT&CK framework).
  • Splunk Core Certified Power User. / Splunk Core Cert is a must have
  • Experience building and prioritizing RBA content.
  • Experience with Agile methodologies.
  • Understanding of various log formats and source data for SIEM Analysis.
  • Solid background with Windows and Linux platforms (security or system administration).
  • Strong incident handling/incident response/security analytics skills.
  • Demonstrated history of innovation and/or creativity.
  • Knowledge of programming/scripting fundamentals (nice to have)
#LI-MC1
#LI-Remote
 

Option 1: Create a New Profile