Role description

Primary Duties & Responsibilities:

· Assist the Cyber Threat Detection Lead in the organization's migration to Splunk Cloud, including testing of existing use cases, testing and development of new use cases in the new Splunk Cloud SIEM tenant, facilitating requests between entities, and generally being available to assist with any activities related to Threat Detection.

· Create efficient and performant correlation search queries that will become security use cases, reports, or dashboards, while recognizing and identifying patterns in data to drive decision-making.

· Design, implement and execute testing procedures for new and existing security alerts, and communicate the status of weekly, monthly, and quarterly deadlines and deliverables.

· Coordinate change tickets, validating and documenting changes, including tracking and reporting of efforts pertaining to Splunk Cloud migration initiatives.

· Own security and audit log data ingestion: parsing the data, making it CIM compliant, and developing, tuning and validating use cases and dashboards.

· Create use cases for event data across the enterprise in Splunk Cloud while validating existing security monitoring use cases.

· Produce detailed documentation regarding the development and testing of security use cases.

· Support project tracking by maintaining relevant log onboarding metrics and other relevant criteria, while serving as a key team member for incident response activities and collaborating with technical teams on security incident remediation and communication.

· Conduct proofs of concept and vendor comparisons, recommend solutions in line with business requirements, and produce reports on the status of any ongoing incidents.

Education & Required Qualifications:

· Bachelor's degree in a relevant field or equivalent work experience

· Bilingual in English and Spanish is a must

· 3+ years' relevant work experience in security test engineering (implementing and executing testing procedures for new and existing security alerts)

· 2+ years' experience with Splunk (developer level: Splunk data libraries, plug-ins)

· Experience validating security logs in Splunk SIEM/Cribl is required

· Security log analysis experience is required

· Previous experience designing, implementing, and executing testing procedures and documentation/reporting

· Ability to produce precise, detailed documentation regarding the SIEM integration of log sources

· Understanding of AWS cloud platforms and architectures

Desired Requirements (Not Mandatory):

· Experience with JIRA, ServiceNow, Confluent, GitHub is highly desired

· Familiarity with AWS CloudTrail and GuardDuty is a huge plus
