Sr. SOC Engineer - Splunk ES & SOAR

- Design and implement detailed detection use cases that align with the MITRE ATT&CK framework - Perform gap analyses on existing detection capabilities and create action plans to address identified shortcomings - Develop and optimize correlation searches, alerts, and detection logic within Splunk Enterprise Security - Utilize Risk-Based Alerting (RBA) methods to enhance the signal-to-noise ratio of alerts - Formulate detection strategies for multi-cloud environments (AWS, Google Cloud Platform, Azure) - Continuously assess and enhance detection effectiveness based on feedback from the SOC team - Create and implement automated response playbooks utilizing Splunk SOAR - Build integrations across security tools to facilitate automated investigation and response workflows - Develop automation scripts to streamline SOC processes using Python, Bash, and PowerShell - Collaborate with platform engineering to guarantee a dependable automation infrastructure - Define the characteristics of a mature SOC capability leveraging Splunk ES, SOAR, and associated tools - Identify deficiencies in the current SOC setup and provide actionable remediation strategies - Establish best practices, guidelines, and frameworks for detection engineering and incident response - Mentor the platform engineering team on SOC-related requirements and methodologies - Contribute to the long-term strategy and capability advancement of the SOC - Partner with threat intelligence and hunting teams to translate research into effective detections - Work alongside SOC analysts to enhance investigation workflows and the quality of detections - Team up with platform engineering to implement and sustain SOC infrastructure - Engage in incident response activities to validate and enhance detection and automation abilities - Document detection methodologies, playbooks, and technical frameworks