Sr. IT Security Engineer (SIEM, NDR )

” The Job Description”

1. Design, deploy, and maintain Splunk Enterprise, and Splunk ES (Enterprise Security) for advanced security analytics.
2. Develop and optimize Splunk dashboards, alerts, correlation searches, and threat intelligence integrations.
3. Manage Splunk data ingestion pipelines, including log parsing, normalization, and enrichment.
4. Integrate and analyze NDR solutions such as Darktrace, ExtraHop, Vectra AI, or Corelight with Splunk.
5. Develop custom detections and alerts based on network anomalies, behavioral analysis, and threat intelligence.
6. Correlate NDR telemetry with SIEM logs to detect advanced network-based attacks (e.g., lateral movement, C2 traffic).
7. Deploy and manage deception technologies such as Illusive Networks, TrapX, Fidelis Deception, or Attivo Networks.
8. Integrate honeypots, decoy systems, and fake credentials to lure and detect adversaries.
9. Create and fine-tune custom deception campaigns to simulate real-world attack scenarios.
10. Automate deception-related alerts and incident response workflows within Splunk ES & SOAR.
11. Design correlation rules, SIEM-based threat models, and security detections aligned with MITRE ATT&CK.
12. Collaborate with SOC teams to enhance incident detection and response capabilities.
13. Conduct log management audits, forensic investigations, and security assessments.
14. Document Splunk configurations, runbooks, and security procedures.

    Requirements:
    

• 5+ years of experience as a Splunk Engineer, SIEM Engineer, or Security Operations Engineer.
• Expertise in Splunk ES, Splunk SOAR, and Splunk search processing language (SPL).
• Hands-on experience with Network Detection & Response (NDR) platforms like Darktrace, ExtraHop, Vectra AI, or Corelight.
• Experience with security deception tools such as Attivo Networks, Illusive Networks, or Fidelis Deception.
• Strong understanding of network security, log analysis, and SIEM threat detection methodologies.
• Splunk Certified Architect or Splunk Enterprise Security Certified Admin
• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Security, or a related field (or equivalent experience).

Tagged as: arktrace, extrahop, NDR, siem, SPL, splunk, vectra ai