Senior Splunk Engineer

EPAM seeks a skilled and driven Splunk Engineer to manage, optimize, and migrate Splunk SIEM environments.
This position is essential for improving SIEM capabilities and ensuring the SOC runs smoothly for our clients. The ideal candidate will have substantial experience in Splunk configuration, engineering, data integration, and troubleshooting to help us achieve our objectives. The Splunk Engineer will participate in an SIEM engineering practice focused on migrationprojects for our customers.

#LI-DNI#EasyApply

Responsibilities

• SIEM & SOAR Configuration: Set up SIEM and SOAR solutions to ensure they work smoothly with various security tools, systems, and data sources. Perform testing and validation for both SIEM and SOAR
• Use Cases Development & Implementation: Create detection use cases and implement SIEM detection rules. Develop remediation use cases for SOAR
• Splunk Architecture: Design, implement, and maintain scalable Splunk environments, including clustered deployments, to enhance performance and reliability
• Migration Oversight: Plan and execute Splunk migrations to minimise downtime and ensure compliance with organisational standards
• Log Sources Integration & Threat Hunting: Integrate log sourceswithSIEM and optimiselog ingestion and processing. Perform threat hunting,data enrichment, and threat intelligencefeeds onboarding and utilise them for automated responses
• Documentation & Reporting: Generate reports for technical and non-technical staff and stakeholders
• Relentless Improvement: Stay up-to-date with SIEM technologies and identify opportunities for continuous improvement

Requirements

• Minimum of 3 years in a SOC environment as a Splunk SIEM Engineer, with proven expertise in managing large-scale Splunk deployments
• Basic knowledge of at least one cloud platform (GCP, Azure, AWS)
• Technical knowledge of Internet security,Network protocols, and related technologies, including IDS/IPS, firewalls, content filtering, NetworkBehaviour Analysis tools, Anti-malware and packet inspection
• Basic understanding of Windows, Linux, DB, network device monitoring and logging techniques
• Basic understanding of host and network security hardening and common security risk management concepts

Nice to have

• Proficiency in scripting and automation (e.g., Python, PowerShell),developing API integrations with SIEM/SOAR
• Familiarity with attack frameworks and knowledge bases, such as the MITRE ATT&CK framework, CAPEC, etc
• Experience with leveraging AI assistance in daily security operations
• Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Enterprise Security Certified Admin)
• Experience with one or more SIRP/SOAR tools (Google SecOps SOAR, TheHive, Cortex,Splunk Phantom, Demisto/XSOAR, Resilient, etc)
• Knowledge of Splunk Search Processing Language (SPL), Splunk Common Information Model (CIM), YARA-L 2.0, Unified Data Model (UDM), and Kusto Query Language (KQL)

We offer

• We gather like-minded people:
  • Engineering community of industry professionals
  • Friendly team and enjoyable working environment
  • Flexible schedule and opportunity to work remotely within Poland
  • Chance to work abroad for up to 60 days annually
  • Relocation within our 50+ offices
• We provide growth opportunities:
  • Outstanding career roadmap
  • Leadership development, career advising, soft skills, and well-being programs
  • Certification (GCP, Azure, AWS)
  • Unlimited access to LinkedIn Learning, Get Abstract, O'Reilly, Cloud Guru
  • Language classes in English and Polish for foreigners
• We cover it all:
  • Stable income (Employment Contract or B2B)
  • Participation in the Employee Stock Purchase Plan
  • Benefits package (health insurance, multisport, shopping vouchers)
  • Strategically located offices featuring entertainment and relaxation zones, table tennis and football, free snacks, fantastic coffee, and more
  • Referral bonuses
  • Corporate, social and well-being events
• Please, note:
  • The set of bonuses might vary based on the role you apply for - specifics will be discussed with our recruiter during the general interview
  • We will reach out to selected candidates exclusively

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.