about 1 year ago
As an Infrastructure Engineer, you would be working to onboard the logs, build the correlations, and engineer the alerting used in defending the company. Additionally, you would be working to build content for, run, and further develop the ticketing/Security Orchestration, Automation and Response (SOAR) platforms. This position is technically not an analyst role, but you will be working very closely with the analyst team. Thus, an understanding of analytics and threat hunting will underpin the more complex use case deployment activities. You will have the opportunity to develop integrations, correlations, and Enterprise Security (ES) content to better protect the environment.
Ideal candidates will enjoy solving complex puzzles (also known as building detection mechanisms around security use cases) in a fast-paced Information Security environment. Candidates would utilize their background in networking, operating systems, and security tools/knowledge to further the use of Splunk/SOAR tools.
Please note that this position is not just for a straight Splunk/SOAR/automation engineer; a candidate will be expected to bring security knowledge to the table as well, in order to facilitate process development.
- Assist in data onboarding
- Review/install/configure Splunk add-ons
- Configure monitoring for data sources feeding into Splunk
- Interface with technical personnel and other teams in the ISO as well as the larger organization as required
- Ensure data is CIM compliant
- Follow escalation procedures to interact with Splunk team and data owners
- Troubleshoot platform/data availability and quality issues
- Drive remediation efforts during logging outages/issues
- Configure Splunk Enterprise Security
- Develop security content within Splunk Enterprise Security
- Build alerts, dashboards, reports, and associated documentation
- Partner with senior analysts to assist in hunting use case development
- Document changes and conform to existing processes related to Splunk content/data sources
- Candidate is expected to work closely with team members, management, and other IT teams
- Utilize an understanding of attack signatures, tactics, techniques, and procedures associated with advanced threats, while using domain knowledge to improve Prudential's defences/detection mechanisms.
- Develop CSOC workflows within SOAR tooling
- Code automation playbooks used to automate CSOC tasks
- Integrate external data sources into CSOC process flows
Training: Prudential believes in growing our staff while continuing to develop them into more senior positions as they progress. Previous experience with some, or all, of the below technologies will be beneficial.
Qualifications, Skills & Experience:
- Entry level (0-2 yrs.) experience in a corporate IT environment in addition to a degree
- Understanding of IT Security practices/programs
- Documentation/process experience
- Effective oral and written communication skills
- Effective problem solving & analytical skills
- Understanding of networking concepts and tools
- Team player who is passionate about the field/job, proactive, driven, and a self-learner
- Innovative and willing to raise unique/original ideas
- Basic exposure to Splunk
- Basic exposure to Linux
- Direct background or exposure to cyber security
- Solid networking understanding and/or experience
- Working knowledge of Splunk architecture and SPL
- Knowledge of Python, SQL, REST / Scripting experience
- Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain.
- Third Level Qualification (or equivalent) in an IT related discipline.
- Relevant industry certifications in a Networking or Security related discipline are highly desirable