Join us as we pursue our vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we're committed to our work, customers, having fun, and most importantly to each other's success. Learn more about Splunk careers and how you can become a part of our journey!**Role**:The Splunk Threat Response Incident Response Analyst works with the Security Operations Center Shift Lead, aligned with our United States-based shifts. The role is located in Costa Rica. In this role, you will be responsible for supporting our response to cyber security threats. You will also contribute to a variety of supporting security operations projects, including automation, detection creation, threat hunting, and more. You will have a foundational understanding of Information Security and Information Technology principles and disciplines coupled with excellent communications skills and a continuous desire to learn and grow. We are a passionate team who has fun, enjoys a good laugh, but above all else thinks security first.**Responsibilities**:- Perform various tasks required to support the 24x7 operation helping to improve documentation, building processes, and enrichment of security events within the Splunk Enterprise Security platform. This is a shift-based 4 days per week, 10-hour shift position.- Contribute to new and ongoing security projects across automation, threat hunting, and detection creation and tuning- Improve the quality of searches to enrich data with critical information.- Gather evidence to support the organization's compliance and control monitoring responsibilities- Review and update existing runbooks to ensure optimal and efficient response actions- Assist in the development of new searches to find malicious activity in the Splunk environment- Validate existing data sources meet data quality standards**Requirements**:- Two to five years of experience working in a Security Operations Center or equivalent environment- Foundational knowledge of security related technologies including firewalls, intrusion detection systems and endpoint security tools- Foundational knowledge of TCP/IP protocols, network analysis, and the OSI framework- Foundational knowledge of endpoint and server systems administration- Foundational knowledge of Cloud technologies- Foundational proficiency in Python and Go, with additional knowledge of PowerShell and Bash preferred- Ability to multitask, prioritize and take-charge- Willingness and desire to think outside of the box for creative solutions to problems with the moxie to follow-through- Excellent interpersonal skills- Good attention to detail
