Principal Splunk Engineer

Verizon
Ashburn, VA, United States
Full-time
We are sorry. The job offer you are looking for is no longer available.

When you join Verizon

Verizon is one of the world's leading providers of technology and communications services, transforming the way we connect around the world.

We're a human network that reaches across the globe and works behind the scenes. We anticipate, lead, and believe that listening is where learning begins.

In crisis and in celebration, we come together, lifting up our communities and striving to make an impact to move the world forward.

If you're fueled by purpose, and powered by persistence, explore a career with us. Here, you'll discover the rigor it takes to make a difference and the fulfillment that comes with living the #NetworkLife.

Candidate must be within commuting distance to the Verizon office in either Ashburn, Virginia or Cary, North Carolina

At Verizon, we don't wait for the future, we build it. Join the industry leader in Network and Telecommunications Services as we embark on transforming our nation's critical communications infrastructure and the FAA's National Airspace System (NAS) network.

As a member of our FAA Enterprise Network Services (FENS) team, you will bring your passion, education and experience to this critical mission and interact directly with decision-makers and government staff who are tasked with ensuring the nation's air transportation system's underlying communications infrastructure is secure and always available.

We are hiring skilled and energetic candidates to work alongside the best and brightest employees on a long-term career opportunity to design, build and operate the next generation NAS network supporting the busiest, most complex aerospace system in the world.

Your role within this effort will be the Principal SIEM SOAR Engineer as a part of our Advanced Security Operations Center (ASOC) within Verizon's Managed Security Services team.

This role is designed to provide senior level leadership for the design, engineering, and implementation of security event data collection for our managed security service customers related to incident response, threat monitoring, threat intelligence, and operations.

These programs pertain to the data identification, assessment, ingestion, normalization and enrichment activities required for Verizon's Advanced Security Operations Center to perform proper detection and analytics of cyber threats and response.

Responsibilities Include:

Leading and performing the content development within the SIEM Platform which includes use case creation, dashboard design, tuning of use cases to minimize false positives, development of reporting metrics such as SLA and KPI reports and log source configuration

Participating in use case development, providing technical input into designs, and maintaining SIEM use cases throughout their lifecycle, including SOAR integration and contributing to playbooks.

Working with the customer to incorporate asset landscape details, severity threats campaigns, and data breaches, as well as performing impact and exposure assessments relative to the customer

Threat hunting and independent threat research to augment and feed custom use case creation

Leveraging advanced knowledge of security operations, cyber security tools, intrusion detection, and secured networks to integrate with the SIEM platform

Acting as an escalation point for the Security Analysts to assist and advise on the most complex security threat investigations

Collaborating with Senior ASOC Analysts and Verizon on-site teams to implement solutions to SIEM & SOAR platforms.

Providing advice on SIEM management, infrastructure, log ingestion and normalization in order to support the ongoing development of use cases and their dependencies.

Reviewing and enhancing logging information flow strategies and technical information flow required for log onboarding; creating the work plan required for logging onboarding, including determining the technical details

Sharing and exchanging knowledge gained across all Verizon SIEM stakeholders and subject matter experts.

Developing and implementing SIEM, SOAR, and service management integrations including threat intelligence feeds, authentication systems, and response systems (firewalls, proxies, etc).

SIEM installation, configuration, management and fault-finding.

Providing briefings to ASOC managers, customer service leads, and other stakeholders on issues pertaining to SIEM management, use case maintenance, and their operational risks.

Determining and reporting the accomplishments of project initiatives across stakeholder groups, providing consulting and guidance on how to drive business results from the data available

Supporting and consulting vendors and customers to assist in implementing sound and secure logging practices while interfacing with customers in support of their logging requirements

Mentoring and supporting SOC Analysts Tier 1-3

Where you'll be working:

This hybrid role will have a defined work location that includes work from home and assigned office days as set by the manager

You'll Need to Have:

Bachelor's degree or four or more years of work experience.

Six or more years of relevant work experience.

Four or more years of work experience as a SIEM Engineer

Six or more years of relevant work experience as a SIEM Engineer with experience creating custom use cases, dashboards, and reporting

Six or more years of experience with SIEM engineering, administration, and optimization

Must have, or be eligible for, a government clearance at the Public Trust level

Current CISSP certification, or ability to pass CISSP cert exam within 12 months of hire

Even Better if You Also Have:

Master's degree in information security, cyber security, computer science or a related field

Experience assessing and implementing security incident detection systems, particularly SIEMs.

Subject Matter Expertise with Splunk

Use case / correlation development experience.

Threat hunting experience

Linux command line experience

RegEx and data normalization experience

Experience with Python (preferred) or PowerShell scripting

Experience working in a Security Operation Center environment

Cloud security experience

Experience with SOAR platforms, particularly Palo Alto XSOAR.

Knowledge in security architecture and enterprise information technology protocol and traffic flows

Capability to clearly and succinctly explain highly complex issues to senior executives

Strong communication and presentation skills along with the ability to handle multiple priorities in a fast paced dynamic environment

Experience preparing and delivering presentations to peers or senior executives

Ability to negotiate, when warranted, in order to work with other teams

Ability to grasp and assess "big picture" issues and bring them to light in order to foster positive change for a more robust data ingestion platform and process

Strong interpersonal skills and collaborative style to enable success across multiple partners

Where you'll be working

In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

Scheduled Weekly Hours

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status.

At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging.

We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.

3 days ago