Your Role:
At iCyber, we are seeking a skilled and versatile Splunk Engineer to join our project implementation team. In this role, you will work on implementing and optimizing a range of Splunk solutions, including Splunk Enterprise Security (ES), Splunk IT Service Intelligence (ITSI), Splunk Cloud, Splunk Core, and other components across various environments. You will be responsible for developing detection use cases, ensuring log source integration, and collaborating with internal teams to drive successful project delivery for our clients.
Your technical expertise will be vital in enhancing customers' security, monitoring, and IT operations capabilities through tailored Splunk solutions, ensuring optimal system performance and coverage of critical assets.
Your Responsibilities:
- Splunk Solution Implementation: Implement and configure various Splunk components such as Splunk ES, ITSI, Splunk Cloud, and Splunk Core to meet customer needs.
- Detection and Monitoring Use Case Development: Engineer and develop detection rules, correlation searches, and dashboards to improve threat detection, IT service monitoring, and overall system visibility.
- Optimization and Tuning: Continuously tune and enhance Splunk components to ensure maximum performance and efficiency, including use cases for security, IT operations, and business processes.
- Log Source Integration: Collaborate with log onboarding teams to ensure integration of relevant log sources from a wide variety of systems and platforms (cloud and on-premises).
- Framework Alignment: Align detection and monitoring use cases with industry standards such as MITRE ATT&CK, NIST, or other compliance frameworks to improve coverage.
- Collaboration with SOC & IT Operations: Work closely with SOC and IT operations teams to validate and improve monitoring capabilities for both security events and system health.
- Documentation and Playbooks: Maintain and update engineering playbooks, processes, and project documentation to ensure repeatability and knowledge sharing.
- Service Improvement: Collaborate with the Service Operations team to troubleshoot challenges, refine processes, and improve service delivery quality.
Requirements:
- Education: Degree in Information Technology, Computer Science/Engineering, or equivalent.
- Experience:
- Over 5 years of experience in cybersecurity and/or IT operations, with at least 3 years focused on implementing and optimizing Splunk solutions.
- Hands-on experience with various Splunk components including Splunk ES, ITSI, Splunk Cloud, and Splunk Core.
- Proficiency in developing and tuning detection use cases, correlation searches, dashboards, and reports.
- Technical Skills:
- Strong knowledge of Splunk architecture, log management, and security information event management (SIEM).
- Familiarity with cybersecurity frameworks (e.g., MITRE ATT&CK), IT service monitoring, and machine learning models within Splunk.
- Hands-on experience with scripting and automation (Python, SPL, or others).
- Expertise in log onboarding from diverse systems (cloud, on-prem, hybrid environments).
- Communication: Excellent verbal and written communication skills for engaging with customers and internal teams.
- Problem Solving: Ability to troubleshoot and resolve technical issues efficiently, working closely with cross-functional teams.
- Collaboration: Experience working with SOC, IT, and service operations teams to ensure seamless Splunk implementation.
- Self-Motivation: A proactive, self-starter with the ability to work independently and drive successful project outcomes.
