Enable job alerts via email!
Splunk Threat Content Developer – Cloud API Threat Detection (BHJOB22048_760)
ITmPowered
Atlanta (GA)
Remote
USD 80,000 - 120,000
Full time
Boost your interview chances
Create a job specific, tailored resume for higher success rate.
Job summary
An innovative firm is seeking a Splunk Threat Content Developer to enhance Cloud and API Security. This remote role involves developing and implementing threat detection content, focusing on emerging threats in cloud environments and APIs. The ideal candidate will have strong Splunk expertise, experience in threat analysis, and a passion for cybersecurity. Collaborate with a talented team to provide critical security insights and develop custom dashboards that empower analysts. Join a dynamic organization that values intellectual curiosity and offers a supportive remote work environment. If you're ready to make an impact in the cybersecurity landscape, this opportunity is for you.
Qualifications
- Experience in Splunk content development and dashboard creation.
- Strong knowledge of API Security, Cloud Security, and OWASP standards.
Responsibilities
- Lead Splunk content development for Cloud and API Security threat use cases.
- Engineer Splunk content for threat detection, alerting, and dashboards.
Skills
Education
Tools
Job description
Splunk Threat Content Developer – Cloud and API Threat Detection – Remote
The Splunk Threat Content Developer will develop, implement, and oversee content development for Threat Detection, Threat Analysis, and Threat investigations focused on Cloud Security and API Security. Bring your Splunk Content Engineering in Threat Detection, Threat analysis, Threat investigation, Splunk Security Analytics, for Cloud (Azure, AWS, SaaS, IaaS, PaaS) as well as API Security / OWASP threats.
Responsibilities:
- Lead Splunk content development focused on Threat (detection, analytics, investigation, and response) for Cloud Security (SaaS / IaaS / PaaS) and API Security (OWASP) threat use cases.
- Focus on Cloud and API Threat Detection engineering, Content engineering, Splunk Enterprise Security, Cloud and API Security Threat content (OWASP, API Security, Cloud Security, and Healthcare security).
- Develop and implement Custom Splunk content and dashboards for analysts on emerging Cloud/API threats.
- Provide threat visibility and awareness for the Cyber Security organization for new security capabilities.
- Engineer Splunk content for Cloud/API Security Threat Detection, alerting, dashboards, IR runbooks, automation.
- Develop Splunk Content for Cloud/API Security threat use cases (cloud, container, or orchestration misconfiguration, OWASP vulnerabilities, Injection Flaws, insecure network policies, logging & monitoring / runtime threats, CI/CD pipeline & supply chain flaws, cloud IAM roles, Account hijacking, Data exfiltration).
- Cloud Identity Management, privileged access escalation, Key Management threat scenarios.
- Engineer Splunk content to monitor continuously for anomalous API traffic, remediating threats in near real time.
- Engineer Splunk content for API Security Threat use cases (Broken authentication / access controls, security misconfigurations, automated threats, unsafe API consumption, Injection, request forgery, etc.).
- Engineer cloud threat Splunk correlation searches which provide the alerting mechanisms used by the SOC.
- Review newly ingested data sources for potential security alerts and create dashboards.
Qualifications, skills, and experience:
- Splunk experience and certifications.
- Strong experience in Splunk content development, building dashboards, reports, and lookup tables.
- Experience with API Security, Cloud Security, and OWASP.
- Familiarity with Cloud Security (Azure) and/or Cloud Security Posture Management (CSPM).
- Programming experience (Splunk SPL, Python, Java, C++, Perl, HTML, CSS, Ansible, etc.).
- Expertise in large scale cyber security data analytics, identifying data-driven threat collection opportunities.
- Implementation, Operation, and/or Management of SIEM solutions.
- Experience with common enterprise IT tools and logs (AD/AAD, IAM/MFA, CSPM, etc.).
- Experience with Windows and Linux tools.
- Security certifications (GIAC/SANS, ISC (2), EC-Council, etc.).
- Experience with automating common repeatable tasks using a variety of tools and methods.
- Information security analysis experience in a Cyber Security Operations Center (CSOC).
Soft skills:
- Ability to collaborate with others, leveraging many project approaches (Agile/Scrum, Waterfall, Gantt Charts).
- Comfortable working remotely with team members around the country. Self-starter with intellectual curiosity.
- Development of technical documents or presentations – IR/SOC threat runbooks.
LOGISTICS:
- Work remotely anywhere in Domestic US. Preferred locations Colorado or Georgia.
- COVID-19 Vaccine and Booster Required – OR must provide valid medical exemption from doctor in advance.
- Must be able to successfully pass a 12-panel drug screen, 10-year background check, employment verification.
- You will need to be a current US Citizen or valid Green Card holder. No need for visa now or in future. This role is not able to offer visa transfer or sponsorship now or in the future.
- W2 only – No sub vendors. Sponsorship NOT available.
- Must have direct contact information on resume (phone/email) to be considered.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
