Cyber-Security SIEM Engineer

Responsibilities:

- Support the current ArcSight solution and lead the effort to migrate detection rules to Splunk ES
- Migrate all ArcSight content to Splunk knowledge objects
- Work with engineering teams on field extractions and validation of logs
- Onboard and normalize log and reference data sources needed for analytics
- Create analytics in Splunk and Splunk Enterprise Security
- Improve and fine-tune analytics
- Create data dictionaries for log sources
- Provide operational support for production platforms through health monitoring and root-cause troubleshooting

Skills required:

- 3+ years of SIEM experience
- Excellent knowledge of ArcSight ESM, including creating rules, filters, and active lists
- Excellent knowledge of Splunk and ES (searching, reporting, alerting, dashboards, correlation searches)
- 3+ years of blue-team operational security experience within a SOC or MSSP
- 2+ years of software development experience applied to the above
- Experience using SOAR platforms and Python scripts to automate incident response
- Experience creating and maintaining analytics for security use cases in Splunk and Splunk ES
- Experience analyzing data, developing alerts, and designing dashboards for security operations
- Comfortable with Unix and Windows CLI from
- Experience analyzing infrastructure and application log sources
- Knowledge of CIM and experience normalizing data to the Common Information Model
- Desired: experience writing automation scripts in Python
- Good understanding of regular expressions
- Familiarity with the SDLC and proven experience deploying software into a production environment
- Experience with streaming data using Rsyslog, Syslog-NG, NiFi, and Kafka
- Splunk Certified Consultant / Splunk Enterprise Security Certified Admin
- Ability to work in a globally distributed team
- Excellent written and verbal communication skills
- Passionate interest in cyber security
Location:
Alpharetta