Join us as we pursue our vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!
The Splunk Principal Threat Response Analyst is a lead analyst and organization thought leader who works with the Director of Threat Response and supports operations for our Security Operations Center. This role is based in Hyderabad, Telangana, and supports a hybrid remote/office schedule. You will be responsible for the 24x7 monitoring, operations, and response to cyber security threats. You must have extensive knowledge and understanding of Information Security principles and frameworks, coupled with excellent communication skills and a continuous desire to learn and grow.
- Make key decisions in selecting methods, techniques, and evaluation criteria for resolution
- Improve content used to detect anomalous behavior within our environment
- Perform monitoring, research, assessment and analysis on all notable security events from a variety of technologies such as firewalls, intrusion detection systems, cloud services, endpoint security and operating system events
- Respond to and address the highest priority events within the SOC
- Author and help define procedures to consistently follow when investigating security events
- Provide recommendations and requirements for new technologies
- Make key contacts and network/partner with senior internal and external personnel in areas of Security and areas of outside expertise
- Determine the best methods/practices for routine compliance and control monitoring, and assist in the creation and modification of monitoring capabilities as controls evolve
- Handle daily tasks, ad-hoc assignments, and lead small projects as needed
- Participate as a member of the SplunkCIRT during major incidents and contribute to post-incident review and continuous improvement
- Participate in complex threat hunting endeavors
- Mentor and advise junior analysts as needed to facilitate growth

- You have 8-10 years of experience as a Cyber Security Operations Center Analyst or equivalent knowledge
- You have expert level knowledge of security-related technologies including cloud service providers, firewalls, intrusion detection systems, and endpoint security tools
- You are also well versed in the areas of TCP/IP protocols, network analysis, and the OSI framework
- You have a very solid understanding of Incident Response frameworks and root cause analysis
- You have extensive knowledge of designing efficient Splunk searches and know how to make our Splunk searches more efficient and accurate
- You have experience triaging log data during high profile security incidents
- You have written new signatures for common security tools from the ground up and know how to deploy them
- You have working knowledge of endpoint and server systems administration
- You have the ability to multitask, prioritize and take charge
- You have proven mentorship and leadership skills
- You have the willingness and desire to think outside of the box for creative solutions to problems, with the moxie to follow through
- You have excellent interpersonal skills and the ability to see things through the customer's eyes
- You have solid attention to detail
- You have an understanding of cyber attack techniques, tactics, and objectives
- You have knowledge of how malware functions, common methods for persistence, and signs of infection

Education: Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
Experience: Minimum 8-10 years of related experience in data security administration.
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.