About The Role
Abnormal Security is looking for a Sr. SIEM/Detection Engineer to join the Security & Privacy team. As a leading cybersecurity company, it is imperative we find, analyze, and respond to threat actor's attacks and leverage the lessons learned to enhance and improve our detection capabilities to catch new and novel attacks. In this role, you will play a crucial role in designing, developing, and implementing automated solutions within Splunk to enhance incident response, threat detection, and remediation processes. You will collaborate with cross-functional teams to optimize incident response workflows, develop custom dashboards and visualizations, and ensure the smooth operation of our SIEM infrastructure. Additionally, you will be responsible for maturing Splunk data models and refining detection lifecycle processes to improve threat detection capabilities.
What you will do
- Mission Control Automation Development: Design, develop, and implement automated solutions within Splunk Mission Control to streamline incident response, threat detection, and remediation processes.
- Custom Dashboard Creation: Build custom dashboards and visualizations within Splunk to provide actionable insights for incident analysis and monitoring. Build capabilities to present analyst performance data to measure detection efficacy and response times.
- Incident Response Optimization: Collaborate with cross-functional teams to identify opportunities for improving incident response workflows and develop automated solutions to enhance efficiency.
- Continuous Monitoring and Maintenance: Monitor the performance and health of the SIEM infrastructure, troubleshoot issues, and implement necessary optimizations to ensure smooth operation.
- Documentation and Training: Document automated workflows, best practices, and standard operating procedures for Cyber Defense analysts. Provide training and support to enable team members to effectively utilize automated solutions.
- Detection Lifecycle Processes: Develop and implement detection lifecycle processes, including tuning and refinement of detection rules, to improve the accuracy and efficacy of threat detection capabilities.
- Splunk Data Model Maturation: Collaborate with stakeholders to enhance and mature Splunk data models to align with evolving business requirements and improve data analysis capabilities.
Must Haves
- Bachelor's Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience to meet job requirements and expectations.
- 5+ years of experience in the security domain, including both a detailed understanding of attacker techniques and tracking the threat actors behind specific campaigns.
- Demonstrated experience with Splunk Enterprise and Mission Control, including the ability to develop complex searches, dashboards, and reports.
- Strong scripting skills (e.g., Python, PowerShell) with experience in automating tasks and processes within Splunk Mission Control.
- Deep understanding of incident response methodologies and best practices, with the ability to translate these into automated workflows within SIEM and SOAR solutions.
- Excellent problem-solving skills with a proactive approach to identifying and resolving technical challenges.
- Strong interpersonal skills with the ability to effectively communicate technical concepts to both technical and non-technical stakeholders. Proven ability to collaborate with cross-functional teams.
Nice to Have
- Advanced degree in Computer Science, Engineering, or Cybersecurity.
- OSCP, OSCE, or GPEN, GCIH, GCPN, GWAPT certifications.
- Splunk certifications such as Splunk Certified Power User or Splunk Certified Admin would be advantageous.
- Familiarity with other security tools and technologies such as IDS/IPS, EDR solutions, etc., to integrate with Splunk Mission Control.
- Experience working with cloud platforms (e.g., AWS, Azure, GCP) and integrating Splunk Mission Control with cloud-based services.
- Understanding of machine learning and artificial intelligence concepts, with the ability to leverage these technologies to enhance automated processes within Splunk.
- Knowledge of DevOps practices and tools for automation, continuous integration, and continuous deployment (CI/CD) pipelines.