Become a pivotal part of Teads' security team as a Senior SIEM, Incident Response, and SecOps Engineer. This role positions you at the heart of our innovation group, driving initiatives around SIEM technology (specifically Splunk), SOAR (Security Orchestration, Automation, and Response), and operational security excellence.
The ideal candidate will have deep technical knowledge across various cybersecurity tools and technologies, solid understanding of information security and networking principles, and extensive experience collaborating with diverse stakeholders. You will act as a Subject Matter Expert (SME) for Splunk Enterprise, helping Teads achieve robust security monitoring and incident response capabilities while improving operational efficiency.
What will you do?
Splunk Administration and Expertise
Serve as the Splunk Subject Matter Expert to design, configure, manage, operate, and administer Splunk Cloud and Splunk Enterprise Security platforms for the managed SIEM infrastructure.
Utilize expert knowledge of Splunk architecture and cloud implementations to optimize performance, redundancy, and scalability.
Create, refine, and maintain data models, rules, advanced dashboards, TSTATS searches, and correlation alerts tailored to organizational needs.
Leverage the Splunk Common Information Model (CIM) for enriched event classification and analysis.
SIEM and SOAR Operations
Develop and enhance custom playbooks, actions, automation workflows, and integrations for SOAR platforms to streamline security operations.
Translate security risks into actionable SIEM use cases and implement workflows and monitoring playbooks to mitigate identified risks effectively.
Guide the design, development, and review of complex SIEM content, ensuring alignment with stakeholder requirements and best practices.
Recommend and implement process improvements for SIEM and SOAR operational efficiency.
Incident Response and Investigation
Lead investigations into suspected security incidents or breaches and analyze security events for actionable insights.
Offer consultative advice on security principles and incident response best practices.
Coordinate incident response actions among internal teams, including written and verbal communication with stakeholders at various levels.
Actively document all capabilities, processes, and key findings related to security operations and incident management.
Team Collaboration and Security Enablement
Work cross-functionally with IT, DevOps, and Development teams to ensure that SIEM content and SOAR integrations address organizational needs.
Provide technical insight and mentorship to team members while acting as a trusted security expert for broader business functions.
Collaborate with stakeholders to map risks to security monitoring requirements and offer tailored recommendations for improvements.
Requirements: Technical Expertise
Splunk Skills:
Extensive experience with Splunk Enterprise, Splunk Enterprise Security (ES), and Splunk Cloud implementations.
Knowledge of Splunk architecture, clustering, CIM, TSTATS, and operational management.
Ability to create custom SIEM rules, correlations, dashboards, and reports tailored to organizational requirements.
Programming and Automation:
Proficiency in scripting languages, including Python and Bash, for workflow automation and integration development.
Familiarity with REST APIs, SQL, NoSQL databases, and Regular Expressions.
SOAR Implementation:
Experience developing SOAR capabilities such as playbooks, integrations, automated actions, and workflows.
Security Fundamentals:
Strong understanding of cybersecurity principles across host and network layers.
Familiarity with investigative methods, malware analysis techniques, and incident response frameworks.
Experience: Minimum of 4 years in a similar role, demonstrating expertise in SIEM and incident response.
This position is open to all candidates.