Configure tools and detect patterns/outliers within client environments matching the tactics, techniques and procedures (TTPs) of known threat actors, malware, or other unusual or suspicious behaviors.
Monitor security tools in multiple client environments and ensure our detection / prevention capabilities are working operationally.
Contribute to executive summary reports and to the delivery of detections / preventions for customers.
Provide cross-functional support for the Splunk process.
Work with the greater threat team to ensure delivery of a quality service.
Operate as a Splunk subject matter expert (SME) point of contact for clients during business hours.
Ownership of Splunk Documentation and Training.
Qualifications:
Bachelor’s degree in a cybersecurity-related field preferred
3 years of Cybersecurity experience
3 years of experience with Splunk in a SOC role as well as in a configuration and deployment role
Significant experience using a SIEM platform, e.g. Splunk / Elasticsearch
1+ years of experience with Python and Git
Demonstrated or advanced experience with computer networking systems.
Knowledge of networking protocols and infrastructure designs, including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.
Knowledge of TTPs involved in current APT threats and exploits involving various operating systems, applications and protocols, including working knowledge of the Cyber Kill Chain and MITRE ATT&CK Matrix.
Excellent written and verbal communication skills, analytical ability, and the ability to work effectively with peers.
Ability to support both partner meetings and projects.
Desire to learn how to apply machine learning to cybersecurity problems is a plus.