VLink
Security Engineer L3
posted 3d ago
Job Description
We are seeking a Security Engineer with expertise in Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR). The ideal candidate will have a strong background in log management, incident detection, and response using Splunk and SentinelOne EDR.
2. Responsibilities
Manage and optimize Splunk deployment for log collection, monitoring, and analysis.
Develop and maintain Splunk dashboards, searches, and alerts to identify security incidents and breaches.
Integrate log sources with Splunk to enhance threat detection, investigation, and response capabilities.
Onboard multi-vendor assets across our estate onto the platform, group devices to enforce RBAC so that resource owners have access to reported issues, and set up automated notifications to alert resource owners of issues requiring attention.
Drive auto-remediation upon detecting violations by judiciously leveraging the platform's native automation capability where available, and support processes for semi-automated or manual dissemination of findings and issues to resource owners, as well as follow-up on their remediation status.
Deploy, configure, and maintain SentinelOne EDR across endpoints, including servers, desktops
Set up and configure SentinelOne policies to ensure optimal detection and prevention of threats across the organization.
Continuously fine-tune SIEM rules and EDR alerts to improve the detection of emerging threats.
Create reports and metrics for management on the health of security operations.
3. Qualifications
Bachelor’s or master’s degree in computer science, or equivalent experience in a related field.
6-7 years of professional experience managing and maintaining Splunk and EDR.
Strong experience with Splunk, including Search Processing Language (SPL), dashboard creation, and app/TA development.
Experience with SentinelOne EDR.
Knowledge of security event correlation, log management, and SIEM best practices.
Excellent troubleshooting and analytical skills.
4. Certifications
Splunk Enterprise Certified Admin
Splunk Core Certified Power User
SentinelOne EDR certified admin or any other EDR certification.
Mandate
Employment Type: Full Time, Permanent