NoFluffJobs: Remote work, Senior

Splunk Threat Detection Analyst

Augmenta

Location: Remote

13 000 - 18 000 PLN (B2B)

Requirements

  • Splunk
  • SPL
  • Python (nice to have)
  • PowerShell (nice to have)
  • Wiz (nice to have)
  • Netskope (nice to have)
  • Zscaler (nice to have)

Job description

About the project

Offer details:

  • 100% remote work, and it will remain remote permanently
  • Working schedule: 07:00 - 15:00 CET (Central European Time)
  • Salary: based on your experience and expertise
  • Technology allowance: a generous budget for a computer, office equipment, or even a Starlink, so that you have the tools you need to excel in your role
  • Healthcare: private health insurance provided by Enel-Med (with an extended family package if needed)
  • MultiSport: access to various fitness and wellness facilities in Poland (with an extended family package if needed)
  • Cooperation: long-term

About Augmenta

We are an IT consulting firm that specializes in providing digital solutions to businesses across all industries. With a team of experienced professionals and cutting-edge technology, we offer services in strategy and consulting, technology, and operations. Our goal is to help our clients stay ahead of the competition and thrive in today's digital landscape.

Requirements

The ideal candidate will support the design, implementation, and maintenance of threat detection use cases within a hybrid SIEM environment. The role requires a solid foundation in security operations, log analysis, and query development to help protect our organization from emerging cyber threats.

Must-haves:

  • 3+ years of experience in cybersecurity or information technology, with at least 1 year focused on Security Operations (SOC) or SIEM content.
  • Proficient in Splunk Enterprise Security (ES), including SPL (Search Processing Language) and alert configuration.
  • Solid understanding of network protocols, system logs (Windows/Linux), and security event analysis.
  • Familiarity with threat intelligence integration and with applying the MITRE ATT&CK framework to detection efforts.
  • Basic familiarity with scripting languages (e.g., Bash, Python, PowerShell) for automation and data analysis.
  • Familiarity with offensive security tactics and techniques is a plus.
  • Relevant certifications such as Splunk Core Certified Power User, CompTIA CySA+, BTL1, or similar are preferred.
  • Strong problem-solving skills and the ability to work collaboratively in a fast-paced environment.

Nice-to-haves:

  • Exposure to additional SIEM platforms or security tools (e.g., Elastic, QRadar, CrowdStrike).
  • Ability to learn quickly and contribute to a collaborative security culture.

Daily tasks

  • Assist in developing, optimizing, and managing SIEM searches and alerts to identify potential security threats in real time.
  • Support the creation and refinement of custom SIEM use cases and detection logic to improve threat visibility across systems and networks.
  • Analyze log data and triage alerts to identify anomalies and support proactive threat hunting initiatives.
  • Collaborate with senior engineers and incident response teams to validate detection logic and provide analysis during security incidents.
  • Assist in maintaining and tuning SIEM deployments, focusing on false positive reduction and data quality.
  • Help integrate the SIEM with other security tools and data sources to ensure proper data ingestion and coverage.
  • Stay current on evolving cyber threats, attack techniques, and industry best practices to contribute to improved detection strategies.
  • Document detection rules, runbooks, and incident findings for knowledge sharing and compliance purposes.