Splunk SME with Cybersecurity Automation SOAR/XSOAR Job at Net2Source Inc., Dallas, TX

  • Net2Source Inc.
  • Dallas, TX

Job Description

Title: Splunk SME / Cybersecurity Automation SOAR SME

Location: Dallas, TX (Onsite/Hybrid)

Term: Contract long term

Required skills:

  • 10+ years of experience in the IT industry with strong technical knowledge of AWS infrastructure and security services (EC2, ELB, GuardDuty, Config, Inspector, Security Hub, RDS, Route 53, S3, VPC, VPN, TGW, CloudWatch, CloudTrail, EventBridge, etc.)
  • Strong security automation experience and the ability to convert security use cases into automation scripts, especially covering a large set of AWS-specific use cases.
  • Strong proficiency in XSOAR platform, including playbook development, automation scripting (Python preferred), and integration management.
  • Strong working experience in XSOAR product with the ability to design, implement, and maintain the Palo Alto XSOAR platform.
  • Ability to build new or modify existing Playbooks, develop custom playbooks, automations, and integrations with various security tools and technologies.
  • Ability to configure and manage Threat Intelligence Management (TIM) features in XSOAR
  • Identify opportunities to automate repetitive security tasks and processes using XSOAR.
  • Ability to develop/document playbooks to automate security controls and processes for AWS.
  • Collaborate with Security Operations Center (SOC) teams to streamline incident response workflows.
  • Palo Certified Security Automation Engineer (PCSAE) preferred
  • Good understanding of security controls related to regulatory requirements, such as NIST, PCI, ISO 27001, HIPAA compliance, etc.
  • Experience working on FedRAMP-compliant projects is a plus.

Splunk skillset requirements:

  • Strong hands-on working experience in Splunk Installation and UNIX management, Splunk architecture and components including search heads, indexers and forwarders.
  • Installed, configured, and maintained Splunk Add-ons and Apps such as, but not limited to: Splunk Add-On for AWS, Splunk Add-On for Windows, and Google Workspace for Splunk.
  • Creation of new dashboards, reports or analytics
  • Managed a clustered environment with multiple indexers and search heads.
  • Administered both Splunk Enterprise and Splunk Enterprise Security.
  • Worked closely with various Security and Platform Engineering teams to onboard new data from various sources.
  • Creation of new alerts, custom rules.
  • Maintaining the security of Splunk and its related components and indexes
  • Maintaining current patch levels for all Splunk components, including Linux host OS patching and upgrading
  • Performing major version upgrades – including the Linux host OS, Splunk components as necessary
  • Troubleshooting and resolving Splunk issues as necessary
  • Candidates with Splunk Enterprise Security Certified Admin or Splunk Certified Cybersecurity Defense Analyst certification will be preferred.

XSOAR skillset requirements:

  • Experience in XSOAR with ability to configure existing and/or create new Incident Types, Incident Fields, Classifications & Mappings
  • Ability to build new or modify existing Playbooks, including implementation of Generic Polling and similar tasks
  • Ability to configure and manage Threat Intelligence Management (TIM) features
  • XSOAR Palo Certified Security Automation Engineer (PCSAE) preferred

Job Tags

Contract work, Work experience placement
