Splunk Developer (Threat Detection Consultant)

Duration: 1 year

Rate: 500 - 800 per day

Hybrid: 2 days onsite per week (London, Paris, Brussels or Amsterdam)

Role:

• Interact with the different customers to capture and define requirements for the development and testing of the threat detection capabilities.
• Cooperate with log source onboarding team to assure correct log source onboarding and log mapping to data models according to Splunk standard processes.
• The development and tuning and continuous improvement of correlation rules.
• Develop and maintain dashboards, reports, and alerts.
• Create Splunk Knowledge Objects to address customers' needs in context of using Splunk as a security tool.
• Prepare correlation search tests, conduct tests, and document evidence from tests that show correlation search addresses scenario described in use case.
• Responsible for the creation of procedures, high-level/low-level documentation, implementation of processes and development of staff in relation to SIEM detection logic.
• Coach a team (from a technical perspective); review work outputs and provide quality assurance.
• Analyse and identify areas of improvement with existing processes, procedures, and documentation.
• Demonstrate how to use SIEM & Enterprise Security products to both technical/non-technical personnel.
• Provide expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems.
• Prioritise and coordinate backlog of threat detection requests, making sure we have a healthy balance between defect resolution and new features.

Qualifications:

Technical Skills:

• In-depth experience in development and maintenance of SIEM use cases.
• Fluent in Splunk's search processing language (SPL).
• Excellent knowledge of Splunk Enterprise and Splunk Enterprise Security.
• Sound knowledge about Splunk Common Information Model and log normalization using Data Models.
• Solid understanding of cybersecurity technologies, protocols, and applications.
• Excellent English communication skills (written and oral).

Nice to have:

• Splunk Core Certified (Advanced) Power User (crucial).
• Splunk Certified Developer (nice to have).
• Splunk Enterprise Certified Admin (nice to have).
• Splunk Enterprise Security Certified Admin (nice to have).
• Any other Security Certifications (e.g. CEH, GIAC, CISSP, OSCP).

Soft Skills:

• Strong analytical skills to evaluate sophisticated multivariate problems and find a systematic approach to gain a quick resolution, often under stress.
• Strong problem solving, documentation, process execution, time management and organisational skills.
• Ability to communicate sophisticated information, concepts, or ideas in a confident and well-organised manner through verbal, written, and/or visual means.
• Fast and independent learner, with ambition to self-improve.
• At ease in a fast-changing environment, flexible and pragmatic, open-minded.
• Accurate, acting with attention to details.
• Client focus and delivery oriented.
• A team-focused mentality with ability to work & collaborate effectively in a team environment.
• Good leadership and communication skills, whether on the field, in the team or with management.
• A keen standout colleague and coordinate work among people from different areas or divisions.
• A good relationship builder with strong diplomacy skills.
• Ability to work autonomously.

Remote working: A minimum office presence of eight days per month is required.