SIEM Engineer (SPLUNK)
Job Type: Full-time, Contract
Contract Duration: 6 Months (Renewable)
Location: Remote (US-based)
Industry: Telecommunications
Start Date: ASAP
We are seeking a SIEM Engineer with expertise in Splunk to join a leading telecommunications customer in the United States for a 6-month renewable contract. This is a fully remote opportunity where you will play a crucial role in designing, implementing, and managing security information and event management (SIEM) systems, with a focus on Splunk.
As a Splunk SIEM Engineer, you will be responsible for configuring and maintaining the Splunk platform, conducting security event monitoring, and ensuring timely response to incidents. You will work closely with the cybersecurity team to enhance the security posture of the organization and contribute to real-time threat detection.
Responsibilities:
Splunk Implementation & Configuration: Deploy, configure, and maintain Splunk Enterprise and Splunk Cloud environments for security use cases.
Security Event Monitoring: Use Splunk for security event collection, correlation, and analysis of logs from various sources (network, endpoint, and cloud environments).
Incident Response: Support incident detection, investigation, and response activities. Create alerts and dashboards to identify anomalies and potential threats.
Rule Creation & Tuning: Design, develop, and refine Splunk search queries, use cases, and security alerts to improve event detection and reduce false positives.
Data Normalization & Parsing: Create data inputs, custom log parsers, and manage complex data sources to ensure the proper ingestion of logs into Splunk.
Reporting & Dashboards: Develop and maintain security-related dashboards, visualizations, and reports for stakeholders.
Collaboration: Work closely with security analysts, network engineers, and other cross-functional teams to ensure seamless operations and threat intelligence sharing.
Documentation & Best Practices: Maintain comprehensive documentation for configuration, policies, procedures, and knowledge sharing.
Qualifications:
Experience:
3+ years of hands-on experience with Splunk deployment, configuration, and administration in a production environment.
Proven experience in the telecommunications industry or similar complex, high-traffic environments.
Strong background in SIEM (Security Information and Event Management) with the ability to build effective detection and alerting mechanisms.
Technical Skills:
Splunk (Enterprise & Cloud)
Splunk Search Processing Language (SPL) for building complex searches, correlation rules, and dashboards.
Experience with log management and security event correlation.
Familiarity with security frameworks such as NIST, ISO 27001, and others.
Knowledge of network security principles, intrusion detection systems (IDS), firewalls, and cloud-based security solutions.
Experience integrating various data sources into Splunk (e.g., syslog, network devices, firewalls, cloud platforms).
Scripting knowledge (e.g., Python, Bash, PowerShell) for automation tasks is a plus.
GCS is acting as an Employment Business in relation to this vacancy.