Splunk Security Engineer

Position Overview

Make the product work: review and rewrite the remaining 30 Professional Services use cases, and the as-delivered use cases.
- Determine applicability. Is the use case needed?
- Correct errors and logic; enhance performance.
- Write supporting documentation and tests.
- Enable / enhance as-delivered Enterprise Security dashboards.
- Create new use cases to address identified gaps.

Reduce the noise: review and rewrite the logic used for creating alerts (notable events) from the above use cases.
- Remove hard-coded value comparisons; replace them with self-tuning or machine-learning algorithms.

Enhance the data: integrate databases and tools for asset, identity and use case enrichment.
- Write proof-of-concept code to pull data into Splunk for:
  - Asset and identity enrichment (Active Directory, Workday, AWS, ...)
  - Use case enrichment (WHOIS, IP reputation, URL analysis, ...)
  - Other tools (Carbon Black, malware detonation, ...)
- Write a framework to do the above automatically and on a schedule.

Enable the robots: have the machine do the repetitive tasks that have no endearing value.
- Identify processes suitable for automation, determine thresholds, and create proof-of-concepts such as:
  - Email notification to users / managers: "Don't do that"
  - Review of user-supplied emails for known malware / phishing attempts / ...
  - Carbon Black analysis / forensics of suspect assets
  - IP banning
  - Firewall review / approval
  - AWS Lambda integration: on-going EC2 / security group review and monitoring

Responsibilities

Correct the deficiencies identified in the Splunk SIEM use cases so that they produce accurate, actionable results without consuming disproportionate system resources. Use cases should incorporate automatically determined tuning (through mathematical models, machine learning, etc.) wherever possible, reducing hard-coded values and manual tuning so that high-confidence (low false positive) results are returned.

Enhance and enrich the data produced by the use cases by leveraging the company and external databases listed above. Update Splunk via API / programmatic methods with this data on an automated, scheduled basis.

Reduce the amount of manual effort required by security analysts by identifying, documenting and creating proof-of-concepts (POCs) for the tasks listed above. These automated POCs should enable the machine to perform the repetitive tasks necessary for the proper operation of the SOC.

Qualifications

- Minimum 5-7 years of information security experience, specifically around incident response, malware analysis, and technical investigations
- Working knowledge of common operating systems (Windows, Linux, etc.) and basic endpoint security principles
- Knowledge of common networking services and protocols
- Experience with common security technologies (IDS, firewall, SIEM, etc.)
- Enable creative solutions by stimulating ideas through discussion and collaboration, with a specific focus on building relationships and partnerships with key technology and business leaders
- The ability to blend innovation with best practices to create custom solutions unique to Dun & Bradstreet
- The ability to self-organize and prioritize activities independently
- Manage time and uncertainty well: able to navigate complex corporate environments and drive projects with good enough, but imperfect or incomplete, information
- Strong written and oral communication skills, with the ability to explain technical ideas to non-technical individuals at any level

R-03197
Salary Range: NA
Minimum Qualification
5 - 7 years

Don't Be Fooled

The fraudster sends a check to a victim who has accepted a job. The check is presented as covering a signing bonus, supplies, or a similar expense. The victim is instructed to deposit the check, spend part of the money on the stated purpose, and then send the remaining funds to the fraudster. The check later bounces, and the victim is left responsible for the full amount.