Senior SIEM Engineer - Splunk

Company Description

Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 12 countries, and more than 170 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.

We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

Job Description

We are seeking a highly skilled and experienced Splunk Architect with a strong background in Security. The successful candidate will be responsible for designing, implementing, and managing our Splunk infrastructure in a hybrid cloud large scale environment. This position is mainly for Bioggio, Ticino office.

Your key tasks 

• Design, implement, and manage the Splunk infrastructure
• Deploy and manage Splunk indexer clusters and search head clusters
• Performing optimization of existing clustered Splunk deployments
• Monitor operations of Splunk platform to enable proactive issue identification, response, and resolution
• Integrate Splunk with a wide variety of legacy data sources, industry leading commercial security tools and Cloud Service provider facilities
  • Build Splunk Technology Add-ons
  • Build custom script in the following languages (Python, Bash, PowerShell, VBscripts)
  • Build Splunk apps to be deployed on thousands of Splunk Universal Forwarders
  • Interact with REST API endpoints
  • Interact with RBDMS in SQL
• Effectively and efficiently onboard data sources, create indexes and data model, create CIM compliant data mapping, establish health monitoring and KPIs
• Manage Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts. etc..)
• Manage Splunk Role Based Access Control
• Design and implement Correlation Searches in Splunk Enterprise Security
• Maintain and extend correlation between Asset & Identity and Splunk Enterprise Security framework
• Onboard Threat Intelligence feeds and correlate with data
• Assist Security Analysts providing them consultancy to leverage the Splunk environment
• Drive the operational model transformation of SecOps
• Identify technology gaps, security gaps, develop solutions and make recommendations for continuous improvement

Qualifications

• Splunk Architect or Splunk Consultant certification or proven Splunk Professional Services experience
• At least 5 years of general work experience as Splunk Architect or higher
• Experience in designing and implementing Security Operation Center with Splunk
• Strong understanding of all Splunk architecture components to include search head clustering, indexer clustering, deployment server and monitoring console
• Strong understanding of SPL
• Strong understanding of regular expressions and data pipelines
• Knowledge of platform and application automated deployment and version control software e.g. (Git, Terraform) within a physical environment
• Knowledge of Security components (Firewall, WAF, Vulnerability scanners, etc…)
• Knowledge of Cloud Service Providers, preferably OCI
• Knowledge of SOAR is highly desirable
• Linux system administration skills, preferably RHEL
• Windows system administration skills
• Knowledge of Kubernetes and containerized architectures
• Understanding of network protocols/services and network infrastructures
• Ability to troubleshoot, diagnose and solve issues independently
• Excellent verbal and written communication skills

Additional Information

We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices. 

In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self. 

We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique, we have done our best to write this advert in an inclusive and neutral way. 

Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.  

#LI-Hybrid