You will be hands-on with Splunk (Enterprise/Cloud/ES) and Cribl (Stream/Edge) to onboard, normalize, and optimize security data, while building/maintaining detections, dashboards, and automations.
Job Summary
You will be hands-on with Splunk (Enterprise/Cloud/ES) and Cribl (Stream/Edge) to onboard, normalize, and optimize security data, while building/maintaining detections, dashboards, and automations.
Platform & Data Engineering responsibilities include onboarding new log sources, building and managing Cribl pipelines, and implementing/maintaining Splunk data models.
Security Mindset & Collaboration involves applying MITRE ATT&CK mapping, threat modeling, and partnering closely with SOC Analysts, Threat Hunters, and IR teams.
Skills & Requirements
Must-have
Splunk (Enterprise/Cloud/ES)
Cribl (Stream/Edge)
Splunk data models, CIM mappings
SPL skills (joins, stats, eval)
Linux fundamentals, Git, scripting
MITRE ATT&CK, NIST frameworks
Nice-to-have
Risk-based alerting
Cloud and SaaS logging
Observability crossover
SOAR playbooks and enrichment
Key Requirements
2-3 years of hands-on experience with Splunk
Working knowledge of Cribl
Familiarity with CIM, data models, security logs
Understanding of core security concepts
Experience with Linux, Git, scripting (bash or Python)