Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Splunk Engineer Charlotte, NC Remote GCIH InfoSec Jobs

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Splunk Engineer
Company Corning
Location Charlotte, NC/Remote
Preferred GIAC Certifications GCIH
Travel 10%
Salary Not provided
Contact Name No Contact
Contact Email nocontact/at/
Expires 2022-03-11

Job Description

Requisition Number: 52096

Corning is one of the world’s leading innovators in materials science. For more than 160 years, Corning has applied its unparalleled expertise in specialty glass, ceramics, and optical physics to develop products that have created new industries and transformed people’s lives.

Corning succeeds through sustained investment in R&D, a unique combination of material and process innovation, and close collaboration with customers to solve tough technology challenges.

The global Information Technology (IT) Function is leading efforts to align IT and Business Strategy, leverage IT investments, and optimize end to end business processes and associated information integration technologies. Through these efforts, IT helps to improve the competitive position of Corning's businesses through IT enabled processes. IT also delivers Information Technology applications, infrastructure, and project services in a cost efficient manner to Corning worldwide.

This role has the ability to be virtual

Scope of Position: As a key member of this team you will be part of a highly collaborative environment that provides tremendous opportunity for growth. You will support a global security initiative to design, build, implement, and maintain a security focused Splunk environment. You will work closely with engineers across the company, and directly interface with our cyber threat analysts to understand their mission and capabilities. You will function as a Splunk SME for the company, leveraging your expertise to provide solutions that meet customer needs, including the development of Insider Risk content, and developing a strong Splunk skillset across the team.


Partner with cyber threat analysts, and other Splunk stakeholders to develop practical solutions that meet their needs
Support the Insider Risk program with the development of insider threat Splunk content
Develop, and continually evolve Splunk content that supports the cybersecurity and operations missions
Contribute to the design and creation of new detection techniques, and improving existing ones
Support the full system engineering lifecycle of the Splunk environment, including requirements analysis, design, development, and system integrations
Support the creation and maintenance of documentation and diagrams of the Splunk architecture and environment
Function as a Splunk SME and coach to develop strong Splunk skills across the Cybersecurity Operations organization
Provide on-call support for incident response efforts outside of core hours as needed.

Education and Experience:

4+ years of Splunk engineering experience
Relevant certifications: (CompTIA Security+, Splunk Core Certified User, Splunk Core Certified Power User, Splunk Enterprise Security Certified Admin, AWS Certified Solutions Architect, etc.)

Required Skills:

Demonstrated on the job experience integrating and correlating large sets of data (syslog, security events, etc.)
Ability to prepare, process, analyze, and visualize significant amounts of events from multiple data sources while keeping the big picture in mind
Proficiency and demonstrated experience managing/deploying large scale distributed Splunk environments
Proficiency and demonstrated ability working with Splunk Enterprise Security
Proficiency and demonstrated experience on-boarding new data, including custom parsing rules and CIM
Experience with Virtualization Platforms (Hypervisor, vSphere, etc.)
Demonstrated critical thinker mindset, and problem-solving skills
Effective communicator, ability to report complicated security events at comprehendible level for all levels of leadership
Excellent written and verbal communication skills, with the ability to process and present complex information

Preferred Skills:

Experience with Cloud technologies and environments (Azure, AWS, etc.)
Experience with Incident Response and associated tools/technologies (IDS, IPS, SIEM, etc.)
Experience with networking (TCP/IP, topology, sockets, and security) operating systems (Windows and Linux), and web technologies (firewalls, proxies, etc.)
Experience with configuring Splunk Enterprise Security dashboards
Experience with configuring Splunk Enterprise Security customer queries, alerts, and rules
Previous experience in a cybersecurity-oriented role (threat analyst, incident responder)
Experience with standard security principles, policies, standards, and industry best practices

Travel Requirement: Up to 10%