• Design, deploy, and manage the Splunk SaaS platform, including data ingestion, search optimization, and dashboard creation.
• Implement SOAR solutions to automate incident response tasks, integrating with other security tools.
• Develop custom playbooks, rules, and alerts to enhance threat detection and response efficiency.
• Perform continuous tuning and optimization of Splunk SaaS and SOAR systems to improve performance and security posture.
• Work closely with SOC teams to define automation use cases and integrate solutions that enhance security operations.
• Provide troubleshooting and technical support for Splunk SaaS and SOAR-related issues.
• Create and maintain comprehensive documentation for Splunk SaaS configurations, SOAR playbooks, and related workflows.
• CISSP or equivalent certification.
• Splunk administration, including designing, configuring, and maintaining the platform.
• Experience with SOAR platforms (e.g., Splunk Phantom, Demisto, or others) and automation of security workflows.
• Strong scripting skills (Python, Bash, PowerShell, etc.) for developing custom automation and integration solutions.
• Familiarity with SIEM tools and integration of security data sources.
• Ability to obtain and maintain a security clearance from the US federal government.
• Splunk Certifications
• Experience in cloud security tools and platforms (AWS, Azure, etc.).
• Prior experience with government security frameworks, such as FedRAMP or NIST.
• Knowledge of machine learning techniques for use in security analytics.
• Splunk certifications (Splunk Certified Admin, Splunk Certified Architect).
• Experience with threat intelligence tools and their integration into SOAR solutions.
