Sr. Detection Engineer, Splunk | Remote, USA

This position will be fully remote and can be hired anywhere in the continental U.S.

We are seeking a highly skilled and experienced Sr. Splunk Detection Engineer to join our MSS Detection Engineering team. This Engineer will be responsible for the creation, deployment and management of Threat Detections within a Detection-as-Code methodology. This role will play a crucial part in the creation and maintenance of high fidelity rules, enabling fast response times to triggered alerts, and ultimately enhancing the security posture of our clients.

How you'll make an impact:

• Provisioning APIs for automation, security testing and threat detection.

• Leveraging automation tooling to create efficiencies, scalability, and accuracy within a Detection-as-Code methodology.

• Providing expertise with cloud security concepts, platform-specific security features (AWS Security Hub, Azure Sentinel), and cloud-based detection tools.

• Use of code repos such as Bitbucket for centralized detection rule storage and management.

• Communication skills to collaborate with security analysts, incident responders, and clients to effectively curate threat detections.

• Git experience for the purpose of version control, collaboration, deployment, and integration with automation tools.

• Understanding of incident response procedures, threat hunting methodologies, and how to collect and analyze forensic data.

• Ability to parse and analyze log data from various sources (firewalls, applications, servers) to identify suspicious events and potential incidents is key for detection.

• Experience with network protocols, firewalls, intrusion detection/prevention systems (IDS/IPS), and how network traffic analysis can reveal malicious activity.

• By gathering and analyzing information that's publicly available for the purpose of Threat Research, Identifying exposed assets, Social engineering recon, and Monitoring brand reputation.

• The use of regex for pattern matching and conciseness within threat detection queries.

• Scripting languages like Python, PowerShell, or Bash for automating repetitive tasks, log analysis workflows, and basic security tools development.

• Providing expertise in core security concepts (threat vectors, vulnerabilities, attack surfaces) and major security frameworks (MITRE ATT&CK, NIST CSF) crucial for designing and deploying effective detection strategies.

• Proficiency in SIEM tool administration (such as Splunk), allowing for proper log collection, analysis, and correlation of security events from various sources.

• Strong knowledge of operating systems (Windows, Linux) is essential for understanding system logs, user activity, and potential security weaknesses.

• By staying up-to-date on the latest threats, vulnerabilities, and attacker tactics, techniques, and procedures (TTPs) for proactive detection creation.

What we're hiring for:

• In-Depth knowledge of Splunk architecture and Cloud operations, and a detailed understanding of computer and network security.

• 5+ years of experience with deploying and using Splunk in Commercial Cloud Platform (ex, AWS, Google Cloud, Azure).

• 3+ years of experience creating, deploying and managing Threat Detections.

• Splunk Certified Architect & Cybersecurity Defense Analyst highly desired.

• Proficiency with MS Office and Internet Navigation. 

• Excellent written and verbal communication skills. 

• Outstanding time management and organizational skills. 

• Ability to work independently and as part of a team.

What you can expect from Optiv

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv is an equal opportunity employer (EEO). All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law.

Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.