Client: Financial institution
Work arrangement: hybrid, full-time (EU-based), 8 days/month on-site in Brussels or London or Amsterdam or Paris.
Role:
* Interact with the different customers to capture and define requirements for the development and testing of the threat detection capabilities
* Cooperate with log source onboarding team to assure correct log source onboarding and log mapping to data models according to Splunk standard processes
* The development and tuning and continuous improvement of correlation rules
* Develop and maintain dashboards, reports, and alerts
* Create Splunk Knowledge Objects to address customers needs in context of using Splunk as security tool
* Prepare correlation search tests, conduct tests, and document evidence from test that shows correlation search addresses scenario described in use case
* Responsible for the creation of procedures, high-level/low-level documentation, implementation of processes and development of staff in relation to SIEM detection logic
* Coach a team (from a technical perspective); review work outputs and provide quality assurance
* Analyses and identifies areas of improvement with existing processes, procedures, and documentation
* Demonstrates how to use SIEM & Enterprise Security products to both technical/non-technical personnel
* Provides expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems
* Prioritize and coordinate backlog of threat detection requests, making sure we have a healthy balance between defect resolution and new features
Technical Skills:
* In depth experience in development and maintenance of SIEM use cases
* Fluent in Splunk’s search processing language (SPL)
* Excellent knowledge of Splunk Enterprise and Splunk Enterprise Security
* Sound knowledge about Splunk Common Information Model and log normalization using Data Models
* Solid understanding of cybersecurity technologies, protocols, and applications
* Excellent English communication skills (written and oral)
Nice to have:
* Splunk Core Certified (Advanced) Power User (crucial)
* Splunk Certified Developer (nice to have)
* Splunk Enterprise Certified Admin (nice to have)
* Splunk Enterprise Security Certified Admin (nice to have)
* Any other Security Certifications (e.g. CEH, GIAC, CISSP, OSCP …)
Soft Skills:
* Strong analytical skills to evaluate sophisticated multivariate problems and find a systematic approach to gain a quick resolution, often under stress
* Strong problem solving, documentation, process execution, time management and organizational skills.
* Ability to communicate sophisticated information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
* Fast and independent learner, with ambition to self-improve
* At ease in a fast-changing environment, flexible and pragmatic, open-minded
* Accurate, acting with attention to details
* Client focus and delivery oriented
* A team-focused mentality with ability to work & collaborate effectively in a team environment
* Good leadership and communication skills, whether on the field, in the team or with management: you are a keen standout colleague and coordinate work among people from different areas or divisions. A good relationship builder with strong diplomacy skills
* Ability to work autonomously