We are seeking a Splunk Enterprise Security Consultant to enhance the implementation and utilization of the Splunk Enterprise Security App. You will join a team of highly skilled professionals based across the Nordics and Poland. This position can be located in Helsinki, Stockholm, Copenhagen or Oslo.
Tasks
Support the development and improvement of the Splunk Enterprise Security app implementation and utilization at the client in the following areas:
- Data model ingestion architecture and best practices
- Risk-based alerting
- Custom event-based correlation searches
- Enhancing true positive detections and minimizing false positives
- Utilizing Splunk curated detections
- Threat intelligence workflows
- Integrating threat intelligence feeds and connecting Splunk ES with other security tools (TIP, SOAR, etc.)
- Security workflows
Requirements
- 3 years of proven professional experience in administering, designing or utilizing the Splunk Enterprise Security app for effective detection, alerting and security workflows
- Certifications such as Splunk Enterprise Security Certified Admin or Splunk Certified Cybersecurity Defense Analyst are highly advantageous
- Proficiency in SPL queries, dashboards, alerts and various Splunk knowledge objects
- Experience working with other security platforms and tools that can be integrated with Splunk such as Threat Intelligence Platform and SOAR
- Ability to work independently and as part of a team
- An open and easygoing personality with a natural respect for privacy and confidentiality
- Comfort in a sometimes stressful and priority-driven environment