Contract Type: Permanent employment
Education Level: Bachelor (EQF 6)
Published on: 24/09/2024
The Splunk Security Engineer has substantial experience in SIEM platforms and standard marketplace security tools to help identify and reduce environmental threats. They will perform complex Splunk and/or Cribl deployments in customer environments, design activities using various security tools, technologies, and frameworks, and support customers in strategically developing their overall data collection and security tooling.
Splunk Security Engineer
Location: Remote in UK, BeNeLux or DACH
Must be bilingual: English required + one of the following languages (Dutch, German, Spanish or French).
Responsibilities:
- Work on complex SIEM project implementations for various customers in different parts of the world (remotely), including but not limited to deployment and use case development.
- Coordinate evidence/data gathering and documentation from various tools and collection methods.
- Create and develop new SIEM use cases as per the customer requirements.
- Define and assist in creating operational and executive security reports and dashboards.
- Participate in R&D activities across different parts of the organization.
- Work on internal integration activities as needed.
- Maintain familiarity with cybersecurity market trends and capabilities.
- Be the customer’s key technical contact.
- Support the BlueVoyant Sales team as a pre-sales engineer for enterprise opportunities.
- Interact with the BlueVoyant Day-2 team and take responsibility for transitioning customer-managed infrastructure into the BlueVoyant SOC environment.
- Deliver security workshops to customers.
- Conduct task-driven requests from customers based on a defined ITSM process.
- Carry out additional Professional Services activities with Splunk and Cribl.
- Willingness to obtain additional work-related certifications.
Qualifications:
- At least 6 years of technical experience in the cybersecurity field.
- Splunk Architect certification.
- Deep expertise with Splunk or Sentinel SIEM platform.
- Deep expertise in at least one leading cloud provider (Azure, AWS, or GCP).
- Proven experience with Cloud technologies and security solutions.
- Development and design experience in automation services.
- Hands-on experience in script development.
- Advanced knowledge and expertise in using SIEM technologies for event investigation.
- Knowledge of SIEM query development for security use cases.
- Demonstrated experience in data visualization creation for decision-making.
- Customer-facing role requiring excellent communication skills.
- Deployment experience in large/complex environments.
- Experience with multiple query languages such as KQL, SPL, and SQL.
- Advanced experience configuring endpoint detection technology such as Defender, Crowdstrike, or SentinelOne is a plus.
- Any security certifications, such as CISSP, CISM, CEH, and SABSA, are a plus.
- Proficient in English; Dutch, French, German, or Spanish is a plus.