Overview:

We are seeking a highly skilled Defense Engineering Specialist to lead the design, implementation, and management of the Splunk-based SIEM platform for our China operations. The ideal candidate will have hands-on experience in Splunk architecture design, deployment, data modeling, search optimization, and creating use cases for detecting potential security threats based on various log data. Additionally, experience in vendor management and working with other security tools, such as EDR, WAF and PKI infrastructure, is highly preferred.

Key Responsibilities:

1. Splunk SIEM Platform Deployment and Management:
   a. Lead the design, implementation, and customization of the Splunk-based SIEM platform for China operations.
   b. Develop and optimize data models, dashboards, and correlation searches to enhance event monitoring and threat detection.
   c. Ensure the SIEM platform is configured to meet China-specific regulatory requirements and operational needs.

2. Use Case Development, App Onboarding and Daily Operation:
   a. Write and implement use cases to detect potential threats based on various log data sources.
   b. Continuously refine and optimize use cases to enhance detection capabilities and reduce false positives.
   c. Collaborate with security operations teams to identify new use cases based on new control items, emerging security trends and evolving internal and external threat intelligence.
   d. Collect and analyze security threats and vulnerabilities to enhance Splunk rule accuracy and event correlation.
   e. Audit and maintain system configurations to ensure compliance with internal security policies and procedures.
   f. Optimize Splunk searches and queries for efficiency, minimizing resource consumption and improving performance.
   g. Manage data onboarding, indexing, and parsing to ensure accurate and efficient log analysis.

3. Regulatory Compliance:
   a. Ensure the Splunk SIEM platform complies with China's cybersecurity laws and CBDT requirements.
   b. Provide engineering support for regulatory inspections, on-site demonstrations, and real-time responses to inquiries in Chinese.

4. Collaboration and Support:
   a. Work closely with global engineering teams to align local Splunk configurations with global best practices and standards.
   b. Share insights, best practices, and threat intelligence with global teams to enhance the organization's security posture.

Qualifications:

Basic:
- Bachelor's degree in Cybersecurity, Information Technology, or a related field.
- 5+ years of experience in SOC engineering or a similar role.
- Extensive hands-on experience with Splunk, including design, deployment, configuration, and administration.
- Proven expertise in Splunk data modeling, dashboard creation, search optimization, and use case development for threat detection.
- Experience in managing vendors and working with third-party security tool providers.
- Fluent in both spoken and written English and Mandarin.

Preferred:
- Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Certified Architect).
- Experience with other security tools such as WAF, certificate infrastructure (PKI), and other network security solutions.
- Knowledge of threat intelligence frameworks (e.g., MITRE ATT&CK) and their integration into SIEM platforms.
- Proficiency in scripting languages (e.g., Python, Bash) to automate workflows.
- Experience with cloud security platforms (e.g., AWS, Ali Cloud) and integrating them into SIEM for monitoring and threat detection.
- Excellent analytical, problem-solving, and communication skills.