Splunk Developer
Talion is looking for a talented Content Developer with a Splunk focus to join our energetic and experienced Development team. The expectations of this role will be to develop and maintain custom security content in Splunk improving the value of the service for customers.
Location: Flexible
Date Posted: 17th March 2021
Deadline: 31st May 2021

Reporting line

Head of Detection

Who is Talion?

At Talion, we’re changing the way organisations interact with their Managed Security Service Provider.  Born out of BAE Systems, our service is built on first-hand knowledge of military engineering and defence-grade security, together with an in-depth understanding of the threat landscape facing the commercial world today.

When it comes to cyber security, we believe every organisation deserves full visibility and complete control over how threats are monitored, how decisions are made, and how their business is protected. That’s why we prioritise transparency and collaboration across our service lines, implementing security programs that give businesses the control and freedom to pursue ambitions and realise goals, safe in the knowledge that we’ve got their back, 24 hours a day, 7 days a week.

Role Description

As a content developer, you will be developing and maintaining content for a range of technologies and devices, including but not limited to custom-built applications. You will be required to think outside the box to design and implement content that minimises any performance or service impact on our clients. You will be required to create both behavioural and IOC-based content in line with the MITRE ATT&CK model and customer requests.

The role requires a diverse range of skills to allow the successful candidate to develop and maintain custom content for the detection of emerging threats in an ever-changing threat landscape. The role will involve working directly with a multitude of security and operational teams throughout the business.

The appointee will report into the Head of Detection and work alongside other Content Developers in the team based in different locations. They will also work closely with our teams in the Security Operations Centre (SOC) in Leeds, and wider business teams in Farnborough and in Kuala Lumpur, Malaysia.

Specific Accountabilities and Responsibilities

  • Create and maintain security and operational content in Splunk, other SIEM platforms and XDR products
  • Suggest, drive and implement improvements to the content development and deployment process
  • Have material input and influence into the design and delivery of future service and product roadmaps
  • Create documentation and process designs relevant to the content on SIEM platforms and XDR products
  • Participate actively in the process that keeps content relevant to current threats
  • Mentor and train other members of the team in Splunk
  • Identify improvement and automation opportunities within our security solutions and services to drive out cost and improve services wherever possible
  • Assist the Leadership team and other teams with Splunk and other SIEM platforms

Qualifications and Requirements

Essential

  • Experience in designing and implementing new security use cases for detection platforms
  • Ability to develop and tune Splunk alerts
  • Ability to develop reliable, efficient queries that feed reports and dashboards
  • Maintain current functional and technical knowledge of the Splunk platform and future releases
  • Knowledge and understanding of regex
  • Familiarity with the MITRE ATT&CK model and its tactics and techniques
  • Willingness, good attitude, and an appetite to learn and develop
  • Track record of creative problem solving and the desire to create and improve processes
  • Excellent documentation and presentation skills
  • Comfortable managing and communicating with multiple internal stakeholders of all levels
  • Ability to communicate IT, networking and security concepts to personnel at all levels of experience and responsibility
  • Understanding and command of the fundamentals of network routing, TCP/IP and network security
  • Strong time management and multi-tasking skills as well as attention to detail
  • Experience working in fast-paced environments, and the ability to manage workload even during times of escalated

Desirable Experience

  • Experience with Splunk Enterprise Security
  • Experience and knowledge of query languages such as SQL
  • Experience with Managed Security Service Provider (MSSP) service stacks (this could include, but is not limited to, detection analytics platforms, Security Orchestration, Automation and Response (SOAR) platforms, and vulnerability scanning and management solutions)
  • Experience with XDR products such as Microsoft Defender ATP, CrowdStrike or Carbon Black
  • Comfortable managing and communicating with multiple external stakeholders of all levels
  • Strong understanding of security architectures and devices, threat intelligence consumption and management, malware infections and proactive mitigation, and data exfiltration techniques
  • An educational background in cyber security, or security qualifications such as CISSP or CISM
  • Experience working within a security operations centre environment
  • Technical certifications in security or network products