Job expired

This job has now expired and is not accepting new applications.

Job Description

Splunk Engineer in England

Location

England

Salary

Up to £575 per day

Contract

Contract

Splunk Engineer
£575 a Day Inside IR35
6 months

Remote

Position Summary
The Information Security Engineer (ISE) is the backbone of the SOCaaS offering. The ISE is a technical and consultative role with extensive hands-on operation, management, configuration and troubleshooting of SIEM systems and the SIEM environment. Additional aspects of the position include acting as what would traditionally be considered a "Technical Account Manager" with additional elements relating to service level improvement.

It is the job of the ISE to act as advocate and liaison to the clients they serve, in addition to acting as a trusted security advisor. The ISE should be familiar with the client's environment, needs and pain points and be diligently working towards improving the usability, functionality and relevance of their SIEM service.

This is achieved through a thorough and complete understanding of the SIEM solution which the client is leveraging (LogRhythm, Splunk, QRadar, Securonix or Microsoft Sentinel). Through this understanding, alongside the deep understanding of the client's environment, the ISE team member will be able to provide best practice recommendations to the client. This will include, but is not limited to, use case creation, report creation, use case tuning and updates, new log source integration, and SIEM vendor best practice implementation.

Key Accountabilities

As the Senior Information Security Engineer (ISE) you will be accountable for:
Acting as a liaison to the client in day-to-day operations of their SIEM solution (LogRhythm, Splunk, QRadar, Securonix or Microsoft Sentinel).
Identifying and implementing service improvements to increase the quality of the SOC as a Service offering.
Performing daily health checks on all components of the SIEM solution ensuring all components are functioning correctly and troubleshooting where necessary.
Performing system upgrades and maintenance to ensure the SIEM systems are kept current and in good working order.
Working with the SIEM vendor and other team members (internal or external) to mitigate issues, correct misconfigurations, and address bugs as required.
Performing daily "threat hunting" within the client environment to actively seek out and attempt to address potential security threats being posed in real time.
Working with the client (and/or Channel Partner) in the creation of new use cases and/or alarms to address the client needs, compliance best practices, and to detect zero-day threats.
Tuning use cases and/or alarms in conjunction with the client and the NTT Security Operations (SOC) Team to reduce false positive rates and increase visibility.
Creating reports and other materials as requested in relation to compliance, security, and audit support.
Supporting client needs through supplemental investigations against appropriate logs and log sources as requested or as needed.
Adding additional log sources to the SIEM solution, ensuring appropriate parsing, and validating the data being received.
Hosting and running daily, weekly, monthly and/or quarterly calls in conjunction with the client and vendors to address questions, present information, or assist.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Experience, Skills and Qualifications

As the Information Security Engineer (ISE) your skills and qualifications will include:
4-year degree, or progressive technical work experience in the information security field, preferably involving SIEM technologies.
Thorough understanding of TCP/IP and Networking.
Thorough understanding and practical experience in Cloud architecture (Azure, AWS, GCP).
Experience managing perimeter security technologies, including monitoring and tuning.
Windows Servers and *NIX OS builds and configuration, including systems auditing and policy configurations.
Working knowledge of Windows Active Directory, GPO administration, security, and audit policies configuration.
Federal and Regulatory Compliance knowledge, such as PCI-DSS, NIST, SOX, HIPAA, ISO-27001, or others.
Customer service-oriented self-starter, who can serve as the single point of contact while resolving an issue.
Ability to work under pressure and to very short timelines.
Ability to interact in a professional manner with end users.
Outstanding communication skills; written and verbal (in English).
Excellent organizational skills.
Ability to work independently as needed yet always thinking as part of a team.
Excellent knowledge of Microsoft Office products, including Microsoft Visio.
Willingness to learn new technologies and share with other team members.
Ensure projects are completed on time and to budget, with the highest technical expertise and professionalism, while maximizing customer satisfaction.
Enjoy working in a cross-functional environment, learning from others and collectively sharing accomplishments.

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.

Job reference 116398_1667399294
Date posted 02 November 2022
