Splunk SIEM Use Case Specialist

Responsibility:

• Develop, enhance, and maintain threat detection use cases within Splunk ES and custom rules in CrowdStrike EDR.
• Align detection capabilities with the MITRE ATT&CK framework for transparency and effectiveness.
• Collaborate with SOC for continuous improvement and challenge detection mechanisms.
• Proactively create and fine-tune detection use cases using advanced analytics and machine learning.
• Ensure compliance and optimize performance by validating new log sources and data models.
• Drive operational stability and quality improvements through effective collaboration with the Service Operations team.

Technical Skills:

• Proficient in Splunk Enterprise Security (ES) and developing detection use-cases.
• Experience with Machine Learning and Risk-Based Monitoring in Splunk is advantageous.
• Strong analytical skills to interpret security logs and identify potential threats.
• Familiarity with common interface models (CIM) and data model utilization in Splunk.
• Deep understanding of cybersecurity concepts and attack lifecycle phases.
• Knowledgeable about the MITRE ATT&CK framework and various detection techniques.
• Working expereince in Splunk's Search Processing Language (SPL)
• Ability to create interactive dashboards, alerts, and reports in Splunk.

Experience:

• Minimum 3 years of demonstrated experience in SIEM use-case engineering.
• Over 5 years of experience in cybersecurity.