Senior Cyber Risk Engineer - Splunk & Incident Response

How you will make an impact:

• Work with application development teams and third-party vendors to develop data for enterprise applications in order to create appropriate logs and events.
• Create logging configuration standards for all IT infrastructure and instructs IT on how to configure systems to log appropriately.
• Create event dashboards and metrics and establishes threshold standards.
• Perform centralized data onboarding and log ingestion into the Splunk platform to improve the visibility of security threat management at Delta Dental of California.
• Administer Splunk Enterprise Security solution in a highly available, redundant, distributed multi-site clustered environment.
• Create and optimize correlation searches for the Security Operations Center (SOC) analysts.
• Assist in the operations, performance, and troubleshooting of Splunk, Search Heads, Indexers, Heavy Forwarders, Deployment Server, Splunk Apps/TAs and Data Models.
• Provide recommendations and implement changes to optimize the Splunk platform.
• Reproduce issues, file bug reports, and escalate cases to Splunk support as necessary.
• Perform log audits and actively work to improve log management compliance.
• Ensure data retention of logs and alerts meets corporate standards.
• Maintain Splunk systems internal documentation, including SOP’s and design documents.
• Create technical documentation related to system configurations, process, procedure, and knowledgebase articles.
• Support defensive tools and solutions that identify and stop advanced adversary tactics and techniques.
• Participate in Computer Incident Response Team (CIRT) responses to active and time-sensitive threats including communications and coordination across different teams.                        
• Work closely with other members of the Cyber Risk Management team to lead changes in the company's defense posture.

What we look for:

• 5+ years of experience in information security.
• 2+ years of hands-on experience with Splunk Enterprise Security
• Certified Splunk Administrator/Enterprise Security
• Relevant security certifications (OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA)
• Experience administrating and operating Splunk in an enterprise environment
• Knowledge and experience working with the Splunk API
• Understands the security incident response discipline, including threat hunting, forensics, intrusion detection, and threat intelligence
• Experience with at least one interpreted programming language (Python, Ruby, etc.)
• Proficiency in PowerShell and/or Bash
• Understanding of TCP/IP networking, and network services such as DNS, SMTP, DHCP, etc.
• Experience in common phishing and other social engineering tactics
• Familiarity with malware, command and control channels, and attacker tactics, techniques, and procedures
• Teamwork and ability to promote a working environment that increases collaboration, predictability, transparency and promotes a culture of experimentation and innovation
• Effective and consistent collaboration through available mediums that enable remote team communication
• Ability to work effectively in a diverse team and promote team diversity

Benefits and perks:

• 12 days starting vacation plus 12 holidays and your birthday off!
• Multiple medical insurance options: 100% paid or low cost premiums
• 100% paid dental insurance
• 100% paid vision insurance
• Onsite gym and/or gym discount and fitness incentive
• Culture of learning: substantial tuition reimbursement to improve your skills
• Career growth: we love promoting from within
• Strong commitment to work/life balance  
• Technology allowance
• Social responsibility and volunteer opportunities