**Job Description - Business Apps Support Engineer (SIEM Resident SME)**
**Title**:
Business Apps Support Engineer (SIEM Resident SME)
**Location**:
Remote, based in Costa Rica
**Job Overview**:
**Key responsibilities include**:
- Performance tuning and optimization of our Splunk Cloud infrastructure to improve search speed, storage efficiency, and overall system performance.
- Stay current with the latest Splunk Cloud features, updates, and best practices, and share this knowledge with the team to foster an environment of continuous improvement.
- Integrate SOAR tools with Splunk Cloud to automate security operations and incident response workflows, enhancing our security posture and operational efficiency.
- Ability to develop custom Splunk Cloud apps, dashboards, reports, and visualizations using Splunk's app development framework.
- Develop and maintain custom playbooks and workflows within SOAR tools to address specific security use cases and automate remediation processes, ensuring a proactive security stance.
- Document configurations, procedures, and troubleshooting steps comprehensively to facilitate effective knowledge sharing, system maintenance, and continuity of operations.
- Collaborate with cross-functional teams to understand security needs and leverage Splunk Cloud's capabilities to develop custom apps, dashboards, reports, and visualizations that provide actionable insights.
- Troubleshoot and optimize Splunk Cloud environments, with a focus on search optimization, query tuning, and efficient index management, to ensure system reliability and performance.
**Preferred Qualifications and Experience**:
- Understanding of business process automation and workflow management, including the use of BPM (Business Process Management) tools and platforms.
- At least 3 years of hands-on experience as a Splunk Cloud Administrator, preferably in a large-scale enterprise environment, demonstrating a deep understanding of Splunk Cloud architecture, components, and deployment strategies.
- Solid foundation in Linux/Unix and Windows systems, encompassing system administration and networking concepts, to support a heterogeneous computing environment.
- Proficient in data ingestion, parsing, and transformation within Splunk Cloud, utilizing data input methods, field extractions, and regular expressions for effective data management.
- Demonstrated ability in troubleshooting and performance optimization of Splunk Cloud environments, including expertise in search optimization, query tuning, and index management.
- Advanced scripting skills (e.g., Bash, PowerShell, Python) for automation purposes and extending Splunk Cloud functionalities, streamlining operational processes.
- Experience with integrating and utilizing SOAR tools (e.g., Demisto, Phantom, Cortex XSOAR) for automated security operations and incident response.
- Excellent communication and collaboration skills, essential for working effectively with cross-functional teams and stakeholders.
- Desirable experience includes working with distributed Splunk Cloud architectures, proficiency in data analytics and machine learning, and familiarity with cloud platforms (AWS, Azure, GCP).
- Splunk certifications (e.g., Splunk Certified Administrator, Splunk Certified Architect, Splunk Certified Power User), an understanding of DevOps practices, and familiarity with other log management and monitoring tools (e.g., ELK Stack, Prometheus, Grafana) are advantageous.
