Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!
The Splunk Senior Monitoring Operations Manager reports to the Director of Detection and Monitoring Operations. The role is based in McLean, VA or Remote. In this role, you will be responsible for the day-to-day operations of the 24x7 Monitoring Operations team. You will have a deep understanding of Information Security principles coupled with solid grasp of what it takes to run a Security Operations Center within Splunk and a continuous desire to learn and grow. We are a passionate team who has fun, enjoys a good laugh but above all else thinks security first!
- Lead all aspects of a Security Operations Center which monitors emerging threats, and works closely with Incident Response and Threat Intel teams to determine appropriate courses of action
- Maintain team resources to support business & operational needs (shift coverage, leads, escalations)
- Establish and sustain service level goals with key business partners while seeking opportunities to improve upon them
- Raise issues to leadership in a timely manner with appropriate information regarding risk, action times, and root cause analysis
- Develops program metrics and reporting frameworks, compiles and analyzes data for accurately timely reporting of detection, project and achievement activity
- Coordinate with the SCIRT to build post-incident feedback loop to educate SOC analysts and enhance detection capability
- Work closely with Threat Hunters to act as a force-multiplier for the Threat Hunt Service
- Develop and maintain key multi-functional relationships with Security Research, Physical Security, Product Security, IT, Legal, and other critical business unit areas
- Continuous development of personnel through formal and informal training, information sharing sessions and training vignettes
- Streamline and automate the auditing and collection of commercial compliance certification evidence and maintenance of their related applicable policies and standard operating procedures
- Find opportunities for the automation of business and operational processes and workflows to increase the efficiency of the SOC
- Build technical briefs and speak to customers and partners about Splunk’s use of Splunk security products, and how we maximize our partner ecosystem.
- Extensive experience with Splunk with advanced Search Processing Language (SPL) skills
- Ability to build positive relationships internally and externally, in-person and virtually
- Detailed understanding of the MITRE ATT&CK Framework and/or the Cyber Kill Chain
- Demonstrated ability to identify, coordinate and respond to security incidents using commercial and/or open source technologies.
- Experience with Incident Response methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs)
- Solid understanding of networking protocols and infrastructure designs; including cloud infrastructures, routing, firewalls, host and network intrusion detection systems, encryption, load balancing, Active Directory, DNS, and other network protocols
- Comprehension of how attacks exploit operating systems and protocols
- Ability to summarize events/incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms.
- Eligible to work in the United States without company sponsorship
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.