Job Description:
A Splunk Security Engineer plays a vital role in designing, implementing and managing security infrastructure.
Key Responsibilities:
* Splunk Deployment and Configuration: Lead the deployment, configuration and optimisation of Splunk solutions to ensure effective log management and SIEM capabilities.
* Security Incident Response: Collaborate with the incident response team to analyse and respond to security incidents using Splunk as a primary tool for investigation and analysis.
* Security Monitoring: Develop and maintain robust security monitoring solutions using Splunk to detect and respond to security threats proactively.
* Threat Hunting: Conduct proactive threat hunting exercises using Splunk queries and other tools to identify potential security risks and vulnerabilities.
* Collaboration and Training: Collaborate with cross-functional teams to enhance overall security posture and provide training to staff on the effective use of Splunk and related security tools.
* Documentation: Create and maintain comprehensive documentation related to Splunk configurations, security procedures and incident response processes.
Qualifications:
* Proven experience with maintenance and deployment of Splunk Core and Enterprise Security.
* In-depth knowledge of Splunk architecture, searches, dashboards and alerts.
* At least 2 years of professional experience in Security/IT/System/Network Administration and Engineering.
* Experience with implementation and operation of security solutions such as SIEM, DLP, Firewalls, WAF, VPN, EDR, IPS/IDS, Email Gateway, etc.
* Knowledge of cloud architecture and security is desired.
* Strong understanding of cybersecurity principles and best practices.
* Excellent analytical and problem-solving skills.
* Degree in Computer Science, Information Security or a related field.
* Certifications such as Splunk Core/Cloud Admin are a plus.