Jobs · Information Technology · California

Security Engineer - SIEM (Splunk) Platform & Operations

Samsung SDS America · San Jose, CA · 3 days ago
On-siteInformation Technology$125k–$175k/yrFull-time

Responsibilities

  • Monitor and analyze security event logs from multiple sources, including firewalls, intrusion detection/prevention systems, endpoint protection platforms, servers, cloud environments, and tools like Darktrace, to identify potential threats.
  • Monitor, triage, and investigate alerts and logs within the Splunk SIEM and Splunk Enterprise Security (ES) platform.
  • Assist in improving SIEM processes, detection coverage, alert fidelity, and operational workflows including creating dashboards.
  • Support the onboarding and integration of logs from enterprise systems into the Splunk environment. Validate log source completeness, data normalization, rule logic, and alert relevance across critical systems and infrastructure.
  • Conduct initial analysis of security events, escalate incidents when appropriate, and assist with root cause identification.
  • Conduct proactive threat hunting using SIEM, EDR, CASB, and network detection tools, such as Darktrace, to identify suspicious activity that may have bypassed traditional controls.
  • Tune and optimize correlation searches, detection rules, dashboards, and use cases to improve operational efficiency and reduce false positives.
  • Prioritize remediation efforts based on risk, severity, and business impact. Participate in incident response activities and support threat hunting initiatives as needed.
  • Collaborate with cross-functional teams to respond effectively to cybersecurity incidents and strengthen overall security posture.
  • Create and maintain documentation for log flows, detection use cases, triage procedures, playbooks, cybersecurity processes, and operational standards.

Requirements

  • Bachelor's degree in Computer Science, Information Security, Information Assurance, or a related field; Master's degree preferred.
  • 3+ years of experience in a cybersecurity operations or related security role.
  • 2+ years of hands-on experience administering Splunk Enterprise Security (ES).
  • Strong hands-on experience with Splunk log ingestion, data normalization, search heads, indexers, SPL query development, and dashboard optimization.
  • Knowledge of detection engineering, correlation rule development, and incident response workflows.
  • Proven experience in threat analysis & incident response.
  • Strong understanding of security log sources, including Windows and Linux servers, firewalls, endpoint tools, cloud infrastructure, and network detection platforms, such as Darktrace.
  • Experience triaging and analyzing security alerts in complex, multi-platform enterprise environments.
  • Familiarity with cloud platforms such as AWS, Azure, or similar environments.
  • Strong analytical, communication, and collaboration skills, with the ability to clearly present findings and recommendations.
  • Ability to work effectively across diverse global teams and adapt to evolving business and technical environments.

Preferred Qualifications

  • Relevant certifications such as Splunk Enterprise Security Certified Admin.
  • Experience with supporting tools such as Darktrace, Crowdstrike, or Netskope are highly preferred.
  • Active knowledge & experience with rule creation & executing correlation searches in Splunk.

Similar jobs

Splunk SIEM Engineer

Resource Management Concepts, Inc.Crane, IN· 2 wk ago
Information Technologyapply on apply.workable.com