Splunk Enterprise Security Consultant

We are seeking a Splunk Enterprise Security Consultant to enhance the implementation and utilization of the Splunk Enterprise Security App. You will join a team of highly skilled professionals based across the Nordics and Poland. This position can be located in Helsinki, Stockholm, Copenhagen, or Oslo.

Tasks

Support the development and improvement of the Splunk Enterprise Security app implementation and utilization at the client in the following areas:

• Data model ingestion, architecture, and best practices
• Risk-based alerting
• Custom event-based correlation searches
• Enhancing true positive detections and minimizing false positives
• Utilizing Splunk curated detections
• Threat intelligence workflows
• Integrating threat intelligence feeds and connecting Splunk ES with other security tools (TIP, SOAR, etc.)
• Security workflows

Requirements

• 3 years of proven professional experience in administering, designing, or utilizing the Splunk Enterprise Security app for effective detection, alerting, and security workflows
• Certifications such as Splunk Enterprise Security Certified Admin or Splunk Certified Cybersecurity Defense Analyst are highly advantageous
• Proficiency in SPL queries, dashboards, alerts, and various Splunk knowledge objects
• Experience working with other security platforms and tools that can be integrated with Splunk, such as Threat Intelligence Platform and SOAR
• Ability to work independently and as part of a team
• An open and easy-going personality with a natural respect for privacy and confidentiality
• Comfort in a sometimes stressful and priority-driven environment