Splunk Developer (Threat Detection Consultant)

Splunk Developer (Threat Detection Consultant) – Brussels / London / Paris / Amsterdam – Banking Client

Duration: 1 year - Freelance Contractor

Rate: 500 – 800 per day

Hybrid: 2 days onsite per week (London, Paris, Brussels or Amsterdam)

Role:

• Interact with the different customers to capture and define requirements for the development and testing of the threat detection capabilities
• Cooperate with log source onboarding team to assure correct log source onboarding and log mapping to data models according to Splunk standard processes
• The development and tuning and continuous improvement of correlation rules
• Develop and maintain dashboards, reports, and alerts
• Create Splunk Knowledge Objects to address customers needs in context of using Splunk as security tool
• Prepare correlation search tests, conduct tests, and document evidence from test that shows correlation search addresses scenario described in use case
• Responsible for the creation of procedures, high-level/low-level documentation, implementation of processes and development of staff in relation to SIEM detection logic
• Coach a team (from a technical perspective); review work outputs and provide quality assurance
• Analyses and identifies areas of improvement with existing processes, procedures, and documentation
• Demonstrates how to use SIEM & Enterprise Security products to both technical/non-technical personnel
• Provides expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems
• Prioritize and coordinate backlog of threat detection requests, making sure we have a healthy balance between defect resolution and new features

Qualifications:

Technical Skills:

• In depth experience in development and maintenance of SIEM use cases
• Fluent in Splunk’s search processing language (SPL)
• Excellent knowledge of Splunk Enterprise and Splunk Enterprise Security
• Sound knowledge about Splunk Common Information Model and log normalization using Data Models
• Solid understanding of cybersecurity technologies, protocols, and applications
• Excellent English communication skills (written and oral)!

Nice to have:

• Splunk Core Certified (Advanced) Power User (crucial)
• Splunk Certified Developer (nice to have)
• Splunk Enterprise Certified Admin (nice to have)
• Splunk Enterprise Security Certified Admin (nice to have)
• Any other Security Certifications (e.g. CEH, GIAC, CISSP, OSCP …)

Soft Skills:

• Strong analytical skills to evaluate sophisticated multivariate problems and find a systematic approach to gain a quick resolution, often under stress
• Strong problem solving, documentation, process execution, time management and organizational skills.
• Ability to communicate sophisticated information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
• Fast and independent learner, with ambition to self-improve
• At ease in a fast-changing environment, flexible and pragmatic, open-minded
• Accurate, acting with attention to details
• Client focus and delivery oriented
• A team-focused mentality with ability to work & collaborate effectively in a team environment
• Good leadership and communication skills, whether on the field, in the team or with management: you are a keen standout colleague and coordinate work among people from different areas or divisions. A good relationship builder with strong diplomacy skills
• Ability to work autonomously

Remote working:

A minimum office presence of eight days per month is required.

Please do send across to me the most up to date CV to eobiechefu@welovesalt.com