Our banking client is looking for a seasoned Splunk Enterprise Security Consultant to help them improve their overall implementation and utilization of the Splunk Enterprise Security App. You will be joining a team that is spread across the Nordics and Poland and consist of highly experienced and broadly experienced professionals.

Support the development and improvements of the Splunk Enterprise Security app implementation and utilization at client in the following areas:

• Data Model ingestion, architecture and best practices
• Risk-based alerting
• Custom event based correlation searches
• Improve true positive detections and minimize false positives
• Utilization of Splunk curated detections
• Threat Intelligence workflows
• Threat Intelligence feeds and integration of Splunk ES with other security tools (TIP, SOAR, etc.)
• Security workflows

Who you are:

To succeed in this role, you are someone with a technical background as well as an understanding of threat intelligence. The following experience and competencies are relevant to succeed in this role:

• 3 years of proven professional experience in administering, designing or utilizing Splunk Enterprise Security app for effective detection, alerting and security workflows
• Certifications on Splunk Enterprise Security Certified Admin or Splunk Certified Cybersecurity Defense Analyst is a huge plus
• Highly skilled in SPL queries, dashboards, alerts and various Splunk knowledge objects
• Experience in working with other security platforms and tools that can be integrated with Splunk such as Threat Intelligence Platform and SOAR
• Ability to work independently and as part of a team
• You are open and easy-going, yet with a natural respect towards privacy and confidentiality.
• You are comfortable in a sometimes stressful and priority driven environment.

Required skills

Splunk Enterprise Certified Admin

Splunk Enterprise Security app

Threat Intelligence

Preferred skills

Splunk Certified Cybersecurity Defense Analyst