Senior Security Engineer - Splunk, Cribl & Azure Sentinel

Help AG is seeking a talented and experienced Senior Security Engineer responsible for the creation of procedures, implementation of process development, and maintenance of security systems across both internal and client environments. The Security Engineer will collaborate closely with Management, Senior Engineers, Threat Analysts, Solution Architects, other Security Engineers, and clients to provide high-profile, critical services to Managed Security Service clients.

The Senior Security Engineer will manage the administration, maintenance, and integration of Splunk, Cribl, and Azure Sentinel, as well as EDR platforms for security operations, technical analysis, assessment, and recommendations in areas such as real-time security, operational network & identity management systems, and application systems security monitoring.

Responsibilities:

• Administer Splunk and its Apps, including developing new or enhancing existing Apps for specialized functionality.
• Integrate Splunk with various legacy data sources.
• Engage application and infrastructure teams to establish best practices for using Splunk data and visualizations.
• Design, implement, and support solutions with Microsoft security technologies like Azure Cloud Access Security Broker and Office 365 Advanced Threat Protection (O365 ATP).
• Implement and administer Microsoft Defender (ATP), and Azure Threat Protection security products within customer environments.
• Manage day-to-day activities of Azure IP platform, ensuring adherence to project execution standards.
• Oversee the implementation, deployment, and support of Nessus scan engines and Tenable Security Center.
• Document vulnerabilities and collaborate on mitigation strategies with agreed SLAs.
• Manage CB sensors, including deployment, operation, and maintenance.
• Assess customer needs, design solutions, and implement them quickly using new technology.

Qualifications & Skills:

• College degree or equivalent training with experience in a Security Operations Center, Managed Security, or client network environment.
• Minimum 7 years of professional experience supporting and maintaining SPLUNK SIEM systems.
• 5-6 years of experience with advanced tuning of Splunk SIEM content.
• Experience with Cribl and practical, hands-on experience with EDR (e.g., Carbon Black).
• Knowledge of Microsoft Azure Information Protection and related technologies.
• General security knowledge, with certifications in Splunk Admin, Splunk Architect, or Splunk Consultant being essential.
• Knowledge of Linux and Windows Operating Systems.
• Experience with various other SIEM security products, including ArcSight and LogRhythm.
• Shift flexibility, including the ability to provide after-hours support as needed.
• Experience with internal and client ticketing systems for incident and problem tracking.