Verizon Communications, posted 8 months ago
Full-time • Senior
Remote • Ashburn, VA
Telecommunications

About the position

The Principal Splunk Engineer at Verizon is a senior leadership role within the Analytics Security Operations Center (ASOC) focused on the design, engineering, and implementation of security event data collection for managed security service customers. This position is critical for incident response, threat monitoring, and threat intelligence, ensuring effective detection and analytics of cyber threats. The role involves collaboration with various stakeholders to enhance security operations and mentoring junior analysts.

Responsibilities

  • Lead and perform content development within the SIEM Platform, including use case creation and dashboard design.
  • Participate in use case development and maintain SIEM use cases throughout their lifecycle, including SOAR integration.
  • Work with customers to incorporate asset landscape details and perform impact assessments related to security threats.
  • Conduct threat hunting and independent threat research to support custom use case creation.
  • Leverage advanced knowledge of security operations and cyber security tools to integrate with the SIEM platform.
  • Act as an escalation point for ASOC Security Analysts on complex security threat investigations.
  • Collaborate with ASOC Senior Security Analysts to implement solutions to SIEM & SOAR platforms.
  • Provide advice on SIEM management, infrastructure, and log ingestion.
  • Review and enhance logging information flow strategies for log onboarding.
  • Share knowledge across all Verizon SIEM stakeholders and subject matter experts.
  • Develop and implement SIEM, SOAR, and service management integrations.
  • Manage SIEM installation, configuration, and fault-finding.
  • Provide briefings to ASOC managers and stakeholders on SIEM management and operational risks.
  • Determine and report project initiative accomplishments across stakeholder groups.
  • Support vendors and customers in implementing secure logging practices.
  • Mentor and support ASOC Security Analysts Tier 1-3.

Requirements

  • Bachelor's degree or four or more years of work experience.
  • Six or more years of relevant work experience as a SIEM Engineer/Content Developer, especially with Splunk ES, QRadar, Sentinel, etc.
  • Experience creating custom use cases, dashboards, and reporting in SIEM environments.
  • Experience in SIEM engineering, administration, configuration, and optimization.
  • Use case/correlation development experience.
  • Threat hunting experience.
  • Linux command line experience.
  • Knowledge of regular expressions and data normalization.

Nice-to-haves

  • Master's degree in information security, cyber security, or related field.
  • Experience assessing and implementing security incident detection systems, particularly SIEMs.
  • Strong interpersonal skills and collaborative style.
  • Experience working in a Security Operations Center (SOC) environment.
  • Cloud security experience.
  • Experience with SOAR platforms, particularly Palo Alto XSOAR.
  • Knowledge in security architecture and enterprise IT protocols.
  • Strong communication and presentation skills.
  • Experience preparing and delivering presentations to senior executives.
  • Ability to negotiate and work with other teams.
  • Scripting or automation experience (Python, Perl, Bash, PowerShell).

Benefits

  • Work from home flexibility with assigned office days.
  • Opportunities for professional development and learning.
  • Diversity and inclusion initiatives.