
Senior Splunk Detection Engineer
Posted 2 days ago

Posted 2 days ago
This is a fully remote position, open to applicants in United States.
• Design, construct, test, and continuously enhance detection content for Splunk Enterprise Security.
• Create and refine correlation searches, notable events, adaptive response actions, dashboards, and investigation workflows.
• Implement and optimize strategies for Risk-Based Alerting (RBA).
• Enhance detection quality while minimizing false positives and reducing false negatives.
• Align detections with the MITRE ATT&CK Framework and maintain coverage metrics.
• Collaborate with Incident Response teams to transform real-world incidents into improved detection content.
• Engage in threat hunting, incident investigations, tabletop exercises, and purple team activities.
• Develop cloud detections utilizing AWS GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, VPC Flow Logs, and related telemetry.
• Ensure compliance with the Common Information Model (CIM) and enhance data normalization.
• Assess detection quality through metrics such as precision, recall, MTTR, and analyst workload reduction.
• Assist in future automation initiatives for Splunk SOAR (Phantom).
• Integrate Splunk Enterprise Security with ServiceNow Incident Response and other security technologies.
• Collaborate with Security Operations, Cloud Engineering, Vulnerability Management, and Incident Response teams.
• Perform additional job-related duties as assigned.
• Must possess an active Public Trust clearance or the capability to obtain one.
• At least seven (7) years of experience in cybersecurity, including four (4) years in Detection Engineering, Security Operations, Incident Response, or Splunk Enterprise Security.
• Experience in building and tuning correlation searches within Splunk Enterprise Security.
• Practical hands-on experience with Risk-Based Alerting (RBA) implementation.
• Experience in Incident Response or close collaboration with Incident Response teams.
• Comprehensive understanding of the MITRE ATT&CK framework.
• Proven experience in enhancing detection fidelity and reducing false positives.
• Strong knowledge of AWS security, including GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, and VPC Flow Logs.
• Proficient in SPL, Python, REST APIs, and Git.
• Experience in developing Splunk dashboards, reports, and investigations.
• Exceptional written and verbal communication abilities.
• Medical
• Dental
• Vision
• 401(k)
• Other potential benefits as provided
OpenRouter
Get handpicked remote jobs straight to your inbox weekly.