Splunk/SIEM Engineer (Remote)
- Job Title
- Splunk/SIEM Engineer (Remote)
- Job ID
- Work From Home
- Pittsburgh, PA 15275
- Other Location
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
Conexess Group is aiding a large healthcare client in their search for a Security Engineer in a remote capacity. This is a long-term opportunity with a competitive compensation package.
- Understand data feeds of various security tools and logs that feed the SIEM & UBA technologies. Ability to identify capabilities and quality of these feeds and recommend improvements.
- Ability to craft new content use cases based on: threat intelligence, analyst feedback, available log data, and previous incidents.
- Create cost effective SPLUNK ES content
- Perform day to day activities of the content life cycle, including creating new use cases, testing content; tuning, and removing content; and maintain associated documentation.
- Work with the other security teams and product SMEs to identify gaps within the existing analytical capability.
- Development of parsers/field extractions to facilitate reliable content development.
- Development of custom scripts as required to augment default SIEM functionality.
- Participate in root cause analysis on security incidents and provide recommendations for future detection.
- Create, implement, and maintain novel analytic methods and techniques for content incident detection.
- Ensure documentation for content is available on team confluence or other tracking mechanism- specifically including content roadmap and documentation on current content.
- 30% creating/tuning content (must have knowledge of this)
- 20% documentation
- 50% validating content for project (We are replacing Qradar and Splunk on-prem with Splunk cloud)
- 4+ years of experience supporting a Splunk Enterprise Security developing correlations, notables and dashboards.
- Excellent knowledge of security methodologies, processes (i.e., Cyber Kill Chain/Diamond Models, and the MITRE ATT&CK framework).
- Splunk Core Certified Power User. / Splunk Core Cert is a must have
- Experience building and prioritizing RBA content.
- Experience with Agile methodologies.
- Understanding of various log formats and source data for SIEM Analysis.
- Solid background with Windows and Linux platforms (security or system administration).
- Strong incident handling/incident response/security analytics skills.
- Demonstrated history of innovation and/or creativity.
- Knowledge of programming/scripting fundamentals (nice to have)