Sr SIEM - Splunk SME

Bangalore, Bengaluru, Karnataka
Senior level
Security • Cybersecurity

About the Role

Abnormal Security is looking for a Sr. SIEM/Detection Engineer to join the Security & Privacy team. As a leading cybersecurity company, it is imperative that we find, analyze, and respond to threat actors' attacks and leverage the lessons learned to enhance and improve our detection capabilities to catch new and novel attacks. In this position, you will play a crucial role in designing, developing, and implementing automated solutions within Splunk to enhance incident response, threat detection, and remediation processes. You will collaborate with cross-functional teams to optimize incident response workflows, develop custom dashboards and visualizations, and ensure the smooth operation of our SIEM infrastructure. Additionally, you will be responsible for maturing Splunk data models and refining detection lifecycle processes to improve threat detection capabilities.

What you will do 

  • Mission Control Automation Development: Design, develop, and implement automated solutions within Splunk Mission Control to streamline incident response, threat detection, and remediation processes.
  • Custom Dashboard Creation: Build custom dashboards and visualizations within Splunk to provide actionable insights for incident analysis and monitoring. Build capabilities to present analyst performance data to measure detection efficacy and response times.
  • Incident Response Optimization: Collaborate with cross-functional teams to identify opportunities for improving incident response workflows and develop automated solutions to enhance efficiency.
  • Continuous Monitoring and Maintenance: Monitor the performance and health of the SIEM infrastructure, troubleshoot issues, and implement necessary optimizations to ensure smooth operation.
  • Documentation and Training: Document automated workflows, best practices, and standard operating procedures for Cyber Defense analysts. Provide training and support to enable team members to effectively utilize automated solutions.
  • Detection Lifecycle Processes: Develop and implement detection lifecycle processes, including tuning and refinement of detection rules, to improve the accuracy and efficacy of threat detection capabilities.
  • Splunk Data Model Maturation: Collaborate with stakeholders to enhance and mature Splunk data models to align with evolving business requirements and improve data analysis capabilities.

Must Haves 

  • Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience to meet job requirements and expectations.
  • 5+ years of experience in the security domain, including both a detailed understanding of attacker techniques and tracking the threat actors behind specific campaigns.
  • Demonstrated experience with Splunk Enterprise and Mission Control, including the ability to develop complex searches, dashboards, and reports.
  • Strong scripting skills (e.g., Python, PowerShell) with experience in automating tasks and processes within Splunk Mission Control.
  • Deep understanding of incident response methodologies and best practices, with the ability to translate these into automated workflows within SIEM and SOAR solutions.
  • Excellent problem-solving skills with a proactive approach to identifying and resolving technical challenges.
  • Strong interpersonal skills with the ability to effectively communicate technical concepts to both technical and non-technical stakeholders. Proven ability to collaborate with cross-functional teams.

Nice to Have 

  • Advanced degree in Computer Science, Engineering, or Cybersecurity.
  • OSCP, OSCE, GPEN, GCIH, GCPN, or GWAPT certifications.
  • Splunk certifications such as Splunk Certified Power User or Splunk Certified Admin would be advantageous.
  • Familiarity with other security tools and technologies such as IDS/IPS, EDR solutions, etc., to integrate with Splunk Mission Control.
  • Experience working with cloud platforms (e.g., AWS, Azure, GCP) and integrating Splunk Mission Control with cloud-based services.
  • Understanding of machine learning and artificial intelligence concepts, with the ability to leverage these technologies to enhance automated processes within Splunk.
  • Knowledge of DevOps practices and tools for automation, continuous integration, and continuous deployment (CI/CD) pipelines.


Top Skills

Python
The Company
San Francisco, CA
175 Employees
On-site Workplace
Year Founded: 2018

What We Do

The Abnormal Security platform protects enterprises from targeted email attacks. Abnormal Behavior Technology (ABX) models the identity of both employees and external senders, profiles relationships and analyzes email content to stop attacks that lead to account takeover, financial damage and organizational mistrust. Through one-click, API-based Office 365 and G Suite integration, Abnormal sets up in minutes and does not disrupt email flow.
Abnormal Security was founded in 2018 by CEO Evan Reiser, CTO Sanjay Jeyakumar, Head of Machine Learning Jeshua Bratman, and Founding Engineers Abhijit Bagri and Dmitry Chechik. The team previously built behavioral profiling and machine learning technologies at Twitter, Google and Pinterest that are being applied to solve a problem that costs organizations $1 billion per year, according to the FBI. The Abnormal Security platform stops targeted phishing, business email compromise and account takeover attacks that have never been seen before.
