
StopAHack.com® · 18 hours ago

Splunk SIEM SOC Engineer (W-2) (Palo Alto Networks) North Carolina

StopAHack.com® is a veteran-founded cybersecurity services company. The role owns Splunk administration and detection content development while integrating that telemetry into Cortex XSIAM, coordinating with Palo Alto Networks and the end customer.

Computer & Network Security
No H1B · U.S. Citizen Only

Responsibilities

Administer and operate Splunk Enterprise and Splunk Enterprise Security, including upgrades, clustering, data lifecycle, and performance tuning
Onboard and normalize data sources using forwarders, add-ons, props and transforms, CIM mappings, and field extractions with regular expressions
Design and implement detection content, correlation searches, notable events, and risk-based alerting, with tuning and false positive reduction
Build dashboards, reports, and runbooks for SOC workflows, investigations, and KPIs
Investigate alerts, perform threat hunting using SPL and regex, and support incident response with root cause analysis (RCA) and durable fixes
Design and manage data feeds into Cortex XSIAM, validate schemas, develop detections and XQL queries, and align Splunk content with XSIAM analytics
Document high-level (HLD) and low-level (LLD) designs, change plans, and operational procedures; mentor customer engineers and deliver knowledge transfer

Qualification

Splunk · Regular expressions · Threat hunting · Incident response · Cortex XSIAM · Scripting in Python · Cybersecurity principles · Analytical skills · Splunk certifications · Problem-solving skills · Communication skills · Collaboration skills

Required

10 years of experience with Splunk, including deploying and maintaining searches, correlation rules, dashboards, and data onboarding
Strong knowledge of regular expressions (regex) and core cybersecurity principles, with hands-on SOC experience
Experience in threat hunting and incident response
Strong analytical and problem-solving skills
Excellent communication and collaboration abilities
Ability to work independently in a remote setting
Bachelor's degree in computer science, cybersecurity, or a related field, or equivalent practical experience

Preferred

Splunk certifications (Core Power User, Admin, Architect, ES), CISSP, or GIAC
Experience with Cortex XSIAM or XSOAR, XQL, and detection content development
Scripting or automation skills in Python or bash
Experience integrating SIEM with SOAR and external threat intelligence

Company

StopAHack.com®

StopAHack® helps security leaders reduce risk, accelerate compliance, and modernize operations.

Funding

Current stage: Early Stage (company data provided by Crunchbase)