Key skills
AnsibleAWSAzureCloudCyber SecurityPythonSplunkPowerShellData LakeSnowflakeDatabricksS3DatadogSaaS
About this role
Role Overview
- Design, implement, and operate enterprise-scale SIEM architectures with a strong emphasis on Cribl Stream / Edge as the primary data pipeline feeding Splunk and other downstream consumers
- Leverage industry trends and market research to adopt the best practices to enhance the SIEM and SOAR platforms.
- Build and manage Security Data Lakes and Warehouses, with a strong preference for AWS-based solutions (e.g., S3, Snowflake, Databricks).
- Define SIEM and SOAR platform standards including data schema, modelling, normalization, monitoring and alerting.
- Develop scalable patterns for integrating on-prem, cloud, SaaS, container, and application data sources into Cribl and SIEM platforms
- Use Regex, Splunk SPL, Kusto Query Language (KQL) and scripting (Python, Ansible) to parse, normalize, enrich, and detect security events.
- Ability to conduct fraud analysis and threat detection.
- Create dashboards, metrics, trends, and executive-level reporting using SIEM & SOAR data.
- Identify opportunities to enhance the current baseline processes and configuration
- Produce engineering, integration and process related documentation.
- Manage vendor relationships to drive roadmap, solution design, implementation and troubleshooting
- Work with key stakeholders of the services to ensure the expectations are meeting the requirements
Requirements
- At least 5+ years of experience in technology with emphasis on cyber security.
- At least 3+ years of experience in SIEM and SOAR products such as Splunk, Elastic, Datadog, Cribl, etc.
- At least 1+ years of experience in Data Lake and data warehouse using products such as AWS S3, Snowflake, Databricks, etc.
- Experience with scripting is highly preferred like Python, Ansible etc.
- Experience in creating trending, metrics, and management reports
- Working knowledge in RegEx, Splunk search language, etc. is required.
- Knowledge and experience operating in a hybrid-cloud environment.
- Knowledge of modern security principles and their practical applications.
- Knowledge and experience in AWS or Azure
- Knowledge and experience with programming language to automate tasks (e.g. Python or PowerShell)
Tech Stack
- Ansible
- AWS
- Azure
- Cloud
- Cyber Security
- Python
- Splunk
Benefits
- comprehensive health and wellness benefits
- retirement plans
- educational assistance and training programs
- income replacement for qualified employees with disabilities
- paid maternity and parental bonding leave
- paid vacation, sick days, and holidays