Cyber Defense Engineer

Key Responsibilities:

1. Lead the Splunk data on-boarding process, ensuring efficient and effective integration of data sources into the Splunk platform.
2. Collaborate with cross-functional teams to identify, assess, and mitigate cybersecurity threats and vulnerabilities.
3. Develop and implement robust SIEM (Security Information and Event Management) solutions to enhance threat detection and response capabilities.
4. Utilize SPL (Splunk Query Language) and Python scripting for data analysis, correlation, and automation tasks.
5. Monitor and analyze security logs and alerts to identify anomalous activities and potential security incidents.
6. Conduct regular audits and assessments to ensure compliance with cybersecurity policies, standards, and regulations.
7. Provide technical expertise and guidance to junior team members and support ongoing knowledge sharing initiatives.
8. Stay abreast of emerging cybersecurity trends, technologies, and threats to continually enhance organizational cyber defense capabilities.

Mandatory Skills:

1. Proficiency in Splunk, including data on-boarding and search query development.
2. Strong understanding of SIEM principles and experience with SIEM solutions.
3. Advanced knowledge of SPL (Splunk Query Language) for data analysis and manipulation.
4. Proficiency in Python scripting for automation and data analysis tasks.
5. In-depth understanding of Linux operating systems and command-line utilities.
6. Experience with data on-boarding processes, including data source identification, normalization, and enrichment.

Desired Skills:

1. Experience with additional cybersecurity tools and technologies beyond Splunk, such as intrusion detection/prevention systems, endpoint security solutions, etc.
2. Familiarity with cloud security principles and technologies (AWS, Azure, GCP).
3. Relevant cybersecurity certifications (e.g., CISSP, CEH, Splunk certifications, etc.).
4. Experience working in an Agile or DevSecOps environment.