Sr. Splunk Enterprise Security Engineer
At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technology leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:
- Analysis of known and emerging threats to determine risks against TWDC assets
- Creation, maintenance, governance and communication of security policies and standards across TWDC
- Assessment and audit of compliance against the security policies and standards
- Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
We look to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.
Responsibilities :
The Senior Security Specialist is responsible for a broad range of responsibilities, with a primary emphasis on Splunk Enterprise Security operations. The Senior Security Specialist will work closely with Management, other senior security staff members, the Security Operations Center (SOC), Incident Response (IR) team, and other internal organizations to serve as one of the subject matter experts for SIEM-related activities covering both traditional and virtual environments.
- Engineer, implement, and administer the SIEM platform centered on Splunk Enterprise Security
- Analyze, design, build & support a Splunk multi-cluster environment.
- Execute Incident & Problem Management, Change & Release Management, Vendor Management, Capacity Management functions for these applications
- Guide the operational support of the platform by the service provider who will fulfill 24X7 monitoring and maintenance of the platform
- Develop log ingestion, aggregation, and retention strategies to meet policy and operational requirements
- Assist with on-boarding new data sources into Splunk, analyze the data for anomalies and trends, and build dashboards highlighting the key trends of the data.
- Coordinate integration activities with 3rd party solutions to ensure comprehensive security event collection
- Assist the content engineering team in developing security-focused content for Splunk, including creation of complex threat detection logic and operational dashboards
- Experienced with all stages of architecture lifecycle - including service tooling improvements, requirements execution, architecture improvements, design, implementation, testing, documentation, and support.
- Work with cross-functional teams to proactively improve on existing integration automation/workflows.
- Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and best practices.
- Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.
- Reviews, prepares or presents executive-level key reporting around SIEM and detection activities/efforts
- Act as the key point of escalation for other security engineers and analysts, provide guidance and mentoring using adaptive communication style that promotes learning
Basic Qualifications :
Skills/Knowledge
- Splunk certifications such as Splunk Certified Developer, Enterprise Security Implementation, Splunk Enterprise Certified Consultant, and/or Splunk Enterprise Certified Architect
- Extensive experience implementing, architecting and administering Splunk Enterprise Security in complex deployment configurations
- Cloud knowledge required (AWS, Azure, GCP) with experience preferred in managing Splunk implementation in AWS
- Must have hands on experience on Splunk Enterprise environment setup and troubleshooting skills
- Must have knowledge on data integration options for Splunk
- Must be able to maintain, manage and monitor Splunk infrastructure (e.g. identify impactful searches and manage overall health of Splunk)
- Experience in clustering and load balance environments setup
- Experience developing in XML, Bash, JavaScript and Python, Perl, PowerShell scripts
- Experience with platforms such as Ansible, Puppet, or Chef
- Independent, self-motivated, proactive approach to problem solving and prevention.
- Excellent written and verbal communication skills.
- Passion for the cybersecurity space
Work Experience
- Minimum 5+ years security operations experience in large global organizations.
- Minimum 5 years professional engineering experience with the Splunk platform
Competencies
- Must have thorough knowledge of information security components, principles, practices, and procedures.
- Must have thorough knowledge of web application, infrastructure, and internet security along with a general understanding of common operating systems, networking protocols, database, and application development.
- Minimum 2 years’ experience of both private and public virtualization environments (e.g. AWS, Azure, GCP, VMware, etc.)
- Minimum 2 years’ experience with scripting (e.g. Python or bash) and automation (e.g. Chef, Ansible, CloudFormation)
- Minimum 1 year designing, implementing and maintaining a 10TB+ multi-site/multi-cluster Splunk Infrastructure
- Minimum 2 Years of API experience with AWS Kinesis, AWS SQS, AWS SNS.
- Knowledge of serverless pipelines in Azure, AWS and GCP to ensure scalability for log delivery to the SIEM.
- Knowledge of automation and orchestration integration with Splunk Enterprise Security
- Python preferred
- Minimum 2 years Designing, Implementing, and Maintaining a Multi-Site Splunk environment
- Knowledge/experience with SmartStore based indexing infrastructure in AWS.
Preferred Qualifications:
- One of the following general certifications: CISSP, CISM, CISA or equivalent
- Application-specific certification: Splunk Certified Admin or IBM Certified Associate Administrator
- AWS Operations or Security certification
Required Education :
- BA/BS in business or computer science or appropriate work experience
Preferred Education :
- Masters or other advanced degree preferred
Additional Information :
DISNEYTECH
#LI-CM1#LI-CM1