Security Engineer - SIEM (Splunk) Platform & Operations
Samsung SDS America · San Jose, CA · 3 days ago
On-siteInformation Technology$125k–$175k/yrFull-time
Responsibilities
- Monitor and analyze security event logs from multiple sources, including firewalls, intrusion detection/prevention systems, endpoint protection platforms, servers, cloud environments, and tools like Darktrace, to identify potential threats.
- Monitor, triage, and investigate alerts and logs within the Splunk SIEM and Splunk Enterprise Security (ES) platform.
- Assist in improving SIEM processes, detection coverage, alert fidelity, and operational workflows including creating dashboards.
- Support the onboarding and integration of logs from enterprise systems into the Splunk environment. Validate log source completeness, data normalization, rule logic, and alert relevance across critical systems and infrastructure.
- Conduct initial analysis of security events, escalate incidents when appropriate, and assist with root cause identification.
- Conduct proactive threat hunting using SIEM, EDR, CASB, and network detection tools, such as Darktrace, to identify suspicious activity that may have bypassed traditional controls.
- Tune and optimize correlation searches, detection rules, dashboards, and use cases to improve operational efficiency and reduce false positives.
- Prioritize remediation efforts based on risk, severity, and business impact. Participate in incident response activities and support threat hunting initiatives as needed.
- Collaborate with cross-functional teams to respond effectively to cybersecurity incidents and strengthen overall security posture.
- Create and maintain documentation for log flows, detection use cases, triage procedures, playbooks, cybersecurity processes, and operational standards.
Requirements
- Bachelor's degree in Computer Science, Information Security, Information Assurance, or a related field; Master's degree preferred.
- 3+ years of experience in a cybersecurity operations or related security role.
- 2+ years of hands-on experience administering Splunk Enterprise Security (ES).
- Strong hands-on experience with Splunk log ingestion, data normalization, search heads, indexers, SPL query development, and dashboard optimization.
- Knowledge of detection engineering, correlation rule development, and incident response workflows.
- Proven experience in threat analysis & incident response.
- Strong understanding of security log sources, including Windows and Linux servers, firewalls, endpoint tools, cloud infrastructure, and network detection platforms, such as Darktrace.
- Experience triaging and analyzing security alerts in complex, multi-platform enterprise environments.
- Familiarity with cloud platforms such as AWS, Azure, or similar environments.
- Strong analytical, communication, and collaboration skills, with the ability to clearly present findings and recommendations.
- Ability to work effectively across diverse global teams and adapt to evolving business and technical environments.
Preferred Qualifications
- Relevant certifications such as Splunk Enterprise Security Certified Admin.
- Experience with supporting tools such as Darktrace, Crowdstrike, or Netskope are highly preferred.
- Active knowledge & experience with rule creation & executing correlation searches in Splunk.