Sr. Security Platform Engineer
Company: eFinancial Careers
Posted on: April 4, 2021
As a Sr. Security Platform Engineer, you will play a key
technical role in our Platform Engineering team within the GCS
engineering/architecture organization. You will serve as a
technical expert for the platform engineering and services support
for critical security technologies. The role primarily entails
hands-on technical product design and deployment specifically for
building and managing SIEM platforms like Splunk Enterprise, Splunk
User Behavior Analytics, Splunk Phantom, Splunk Enterprise Security
and ArcSight. You will also be a mentor to junior staff members
both on-shore and off-shore to develop their skills in SIEM
platforms. Responsibilities will include:
- Engineer, implement and administer SIEM platforms ArcSight,
Splunk Enterprise, Splunk Enterprise Security, Splunk UBA and
Splunk Phantom in public cloud and on-premise datacenters
- Analyze, design, build & support Splunk Multi-Cluster
Architecture. Maintain existing ArcSight infrastructure
- Incident & Problem Management, Change & Release Management,
Vendor Management, Capacity Management functions for these
- Provide 24x7x365 production support for the platforms as part
of the team to ensure smooth operations, system function & system
- Proficiency developing log ingestion and aggregation
- On-board new data sources into Splunk, analyze the data for
anomalies and trends and build dashboards highlighting the key
trends of the data.
- product architecture, engineering and roadmap & Infrastructure
Services for platforms supported by Security Analytics team
- Perform integration activities to connect with 3rd party
- Assist the content engineering team in developing
security-focused content for Splunk, including creation of complex
threat detection logic and operational dashboards
- Control the stages of MSS architecture lifecycle, including
service tooling improvements, requirements execution, architecture
improvements, design, implementation, testing, documentation, and
- Communicate requirements and risks to stakeholders such as
Product, Engineering, and Security leadership.
- Work with cross-functional teams to proactively improve on
existing integration automation/workflows.
- Maintain up-to-date knowledge of technology standards, industry
trends, emerging technologies, and MSS best practices.
- Ensure technical issues are quickly resolved and help implement
strategies and solutions to reduce the likelihood of recurrence.
- Splunk certifications such as Splunk Certified Developer,
Enterprise Security Implementation, Splunk Enterprise Certified
Consultant, and/or Splunk Enterprise Certified Architect
- Extensive experience implementing, architecting and
administering Splunk Enterprise Security, Splunk UBA and Splunk
- Azure/AWS knowledge required with experience preferred in
managing Splunk implementation in AWS
- Must have hands-on experience with Splunk Enterprise environment
setup and troubleshooting
- Must have knowledge on setting up new data feeds into
- Must be able to maintain, manage and monitor Splunk
infrastructure (identify bad searches and dashboards, and manage
overall health of Splunk)
- Experience in clustered and load-balanced environments
- Experience writing Splunk queries in Splunk Programming
Language (SPL). Thorough understanding of Splunk processing
language, optimization principles, APIs, and SDK.
Perl, PowerShell scripts
- Experience with platforms such as Ansible, Puppet and Chef
- Experience with other Information Security solutions including
DLP, ZScaler, Palo Alto, Symantec solutions, McAfee, Active
- Independent, self-motivated, proactive approach to problem
solving and prevention.
- Excellent written and verbal communication skills.
- Passion for cybersecurity space.
- Broad experience with SOC, NOC and/or MSS operations.
Experience Desired
The candidate shall have a degree in Computer
Science, Engineering, Information Technology, Cybersecurity or
related field and a minimum of 10+ years of experience in security
engineering, system administration, database administration,
network engineering, software engineering, or software development,
with a concentration in Cybersecurity.
- 10+ years of IT engineering experience in building and managing
infrastructure and security platforms
- 5+ years of professional engineering experience with the Splunk
- Minimum 1-2 full lifecycle implementation experience of Splunk
Enterprise and Splunk Enterprise Security
- In-depth experience with Splunk's multiple deployment options -
including on-premise distributed deployments and public cloud
- Expertise with data ingest, data normalization (Splunk
delivered TAs, custom TAs), search/query design and execution.
- Experience with Splunk component utilization (e.g. indexer
loads and requirements, search head peering, etc.), component
resourcing (e.g. underlying server specs), inter-component
communications and tradeoffs (e.g. DNS vs IP tables, usage of SSL,
etc.) and underlying platform requirements.
- Expert-level experience with SIEM technologies -
implementation, tuning, troubleshooting Splunk and ArcSight
- Expertise in building, deploying, scaling, and troubleshooting
the various facets of large scale Splunk clusters and supporting
- 3+ years of DevOps Engineering experience
- 3-5 years of hands-on experience with security monitoring tools
such as IDP/IDS, FW and AV with a strong understanding of network
protocols and network monitoring tools
- Hands-on experience supporting/developing enterprise technology
and network infrastructure, including exposure to AWS or other
public cloud infrastructure.
- Knowledge of scripting languages such as Python, Perl, bash,
- Experience using Ansible and any flavor of Git.
- At least one of the following certifications: CASP, GCIH, GCWN,
GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CSSLP, SSCP, CCNP, CCNP
Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP,
Keywords: eFinancial Careers, Quincy, Sr. Security Platform Engineer, Engineering, Quincy, Massachusetts