Splunk Engineer
Abbott Laboratories
Contract St. Paul , Minnesota, United States Posted 1 year ago
About Position
Splunk Engineer (Contract)
$86.00 / Hourly
St. Paul , Minnesota, United States
Skills
• Ability to write correlation searches in Splunk Search Processing Language (SPL) for multiple sensors (Firewall, IDS/IPS, Armis, SentinelOne, ZScaler and more), incorporating the MITRE ATT&CK and MITRE Engage models.
• Work to broaden the scope of threats detected, with an emphasis on high-fidelity detections, periodic review of detections in production, and team and customer metrics.
• Proactively ingest Digital Forensics and Incident Response reports from a wide variety of sources. Build detections for cyber-based threats and risks, both current and future, creating and deploying detections as needed.
• Automate manual tasks through technology integrations via scripting and orchestration of playbooks using Python and PowerShell.
• Participate in projects to achieve defined security goals and meet technical requirements in support of Abbott's needs.
• Develop response strategies and technical support documents, summaries, reports, presentations and other designated products.
• Support the advancement of Abbott's Cybersecurity Operations program to ensure consistent detection, analysis, response and monitoring of cybersecurity threats, including actors, campaigns and vulnerabilities.
• Participate in Purple Team events.
Description
What You'll Work On
You will research and build Splunk correlation searches in Splunk Search Processing Language (SPL) to broaden the scope of detection engineering Risk Rules, using Risk-Based Alerting to detect threats to Abbott. Investigate the capabilities of the deployed Endpoint Detection and Response tools, Armis and other sensors, and ensure we are capitalizing on the available data and capability, enhancing ingested logs. Join the Cyber Threat Engineering team to protect the Abbott enterprise, which includes internal and external computing assets, data, and customers. Intermediate Python and PowerShell scripting and base knowledge of APIs are essential.