The Security Data Engineer position is the subject matter expert for our Security Information and Event Management (SIEM) system.
Leading efforts to aggregate and enrich data supports our security efforts. This individual reports into the Enterprise Security Engineering team, engineers new features for our SIEM and detections platform, and works with security analysts to understand their needs and build solutions that enhance their ability to find data and build security detections.
This includes onboarding new data sources into our SIEM to support security detections. Analyzing new data, mapping to a common information model, and optimizing storage are all key components of this role.
Inspiring creativity in data analytics and data visualizations, exploring cloud federated data models, and exploring the use of AI to mine data from large data lakes are also key responsibilities.
Maintaining complex data flows that support the SIEM, detections, and automations platforms, as well as building monitoring systems for the data flows and responding to and troubleshooting problems, are critical functions of this position.
The Security Data Engineer will work with operations staff from across the enterprise to ensure the flow of critical data.
This role involves solving challenging and complex problems like searching for security anomalies amongst extremely large data sets and correlating them across sources from every corner of the enterprise.
A successful candidate will have at least 5 years' experience with the basics of security, be proficient with Splunk Enterprise Security, and have an understanding of other SIEM platforms.
Other skills include the ability to write optimized SPL code, an understanding of security detections, proficiency with Linux from an administration standpoint, and familiarity with cloud platforms, PowerShell, Python, ETL tools, and SOAR.