ITmPowered
ITmPowered, Seattle, WA, United States
Splunk Threat Content Developer – Cloud and API Threat Detection – Remote
The Splunk Threat Content Developer will develop, implement, and oversee content development for Threat Detection, Threat Analysis, and Threat Investigations focused on Cloud Security and API Security. The role calls for Splunk content engineering experience in threat detection, analysis, and investigation, and in Splunk security analytics for cloud environments (Azure, AWS, SaaS, IaaS, PaaS), as well as familiarity with API security and the OWASP threat categories.
Responsibilities:
Lead Splunk content development focused on Threat Detection, analytics, investigation, and response for Cloud Security (SaaS / IaaS / PaaS) and API Security (OWASP) threat use cases.
Focus on Cloud and API threat detection engineering, content engineering in Splunk Enterprise Security, and Cloud and API security threat content.
Develop and implement Custom Splunk content and dashboards for analysts on emerging Cloud/API threats.
Provide threat visibility and awareness to the Cyber Security organization as new security capabilities and data sources come online.
Engineer Splunk content for Cloud/API Security Threat Detection, alerting, dashboards, and IR runbooks.
Develop Splunk Content for Cloud / API Security threat use cases including misconfiguration, vulnerabilities, and data exfiltration.
Engineer Splunk content to monitor continuously for anomalous API traffic and to support near-real-time response to detected threats.
Engineer Splunk content for API Security Threat use cases including authentication issues and security misconfigurations.
Engineer cloud threat Splunk correlation searches to provide alerting mechanisms used by the SOC.
Review newly ingested data sources for potential security alerts and create dashboards.
Qualifications, Skills, and Experience:
Splunk experience and certifications.
Strong experience in Splunk content development, building dashboards, reports, and lookup tables.
Experience with API Security, Cloud Security, and OWASP.
Familiarity with Cloud Security (Azure) and/or Cloud Security Posture Management (CSPM).
Programming and scripting experience (Splunk SPL, Python, Java, C++, Perl, HTML, CSS, Ansible, etc.).
Expertise in large scale cyber security data analytics.
Implementation, operation, and/or management of SIEM solutions.
Experience with common enterprise IT tools and logs (AD/AAD, IAM/MFA, CSPM, etc.).
Experience with Windows and Linux tools.
Security certifications (GIAC/SANS, ISC2, EC-Council, etc.).
Experience with automating common repeatable tasks using various tools and methods.
Information security analysis experience in a Cyber Security Operations Center (CSOC).
Soft Skills:
Ability to collaborate with others using various project approaches (Agile/Scrum, Waterfall, Gantt Charts).
Comfortable working remotely with team members across the country; self-starter with intellectual curiosity.
Development of technical documents and presentations, including IR/SOC threat runbooks.
LOGISTICS:
Work remotely anywhere in the Domestic US; preferred locations are Colorado or Georgia.
COVID-19 Vaccine and Booster Required – OR must provide valid medical exemption from a doctor in advance.
Must be able to successfully pass a 12-panel drug screen, 10-year background check, and employment verification.
You must be a current US Citizen or valid Green Card holder; no visa sponsorship available.
W2 only; no subvendors.
Must have direct contact information on your resume (phone/email) to be considered.