Splunk Security Engineer
Why We Work at Dun & Bradstreet
Life here at Dun & Bradstreet is changing - for the better. With almost two centuries of experience and a new modern vibe, work at D&B has never been more exhilarating. Our purpose is to grow the most valuable relationships in business by uncovering truth and meaning in data. We're wildly passionate about our purpose, and it has us evolving everything we do - from how we engage with our customers to how we energize one another. So if you thrive in a fluid, agile culture but want the solidity of a storied and commanding brand, come join us!
Make the product work: Review and rewrite the remaining ~30 Professional Services use cases, and as-delivered use cases.
o Determine applicability. Is the use case needed?
o Correct errors and logic, enhance performance.
o Write supporting documentation and tests.
o Enable / enhance as-delivered Enterprise Security dashboards.
o Create new use cases to address identified gaps.
Reduce the noise: Review and rewrite the logic that is used for creating alerts (notable events) from the above use cases.
o Remove hard-coded value comparisons; replace with self-tuning or machine-learning algorithms.
Enhance the data: Integrate databases and tools for asset, identity and use case enrichment.
o Write proof-of-concept code to pull and integrate into Splunk:
   - Asset and Identity enrichment (Active Directory, Workday, AWS, …)
   - Use case enrichment (WHOIS, IP reputation, URL analysis, …)
   - Other tools (Carbon Black, malware detonation, …)
o Write framework to do the above, automatically and on schedule.
Enable the robots: Have the machine do repetitive tasks that have no enduring value.
o Identify processes suitable for automation, determine thresholds, and create proof-of-concepts such as:
   - Email notification to users / managers: "Don't do that"
   - Review of user-supplied emails for known malware / phishing attempts / …
   - Carbon Black analysis / forensics of suspect assets
   - Firewall review / approval
   - AWS [lambda] integration. On-going EC2 / security group review and monitoring.
- Correct the deficiencies identified in the Splunk SIEM use cases, so that they produce accurate, actionable results without consuming disproportionate system resources.
- Use cases should incorporate automatically-determined use case tuning (through mathematical models, machine learning, etc.) wherever possible, to reduce hard-coded values / manual tuning so that high confidence (low false positive) results are returned.
- Enhance and enrich the data produced by the use cases by leveraging company and external databases, listed below. Update Splunk via API / programmatic methods with this data on an automated, scheduled basis.
- Reduce the amount of manual effort required by security analysts by identifying, documenting and creating proof-of-concepts (POCs), for the tasks listed below. These automated POCs should enable the machine to perform the repetitive tasks necessary for the proper operation of the SOC.
- Minimum 5-7 years of information security experience; specifically around incident response, malware analysis, and technical investigations
- Working knowledge of common operating systems (Windows, Linux, etc.) and basic endpoint security principles.
- Knowledge of common networking services and protocols.
- Experience with common security technologies (IDS, Firewall, SIEM, etc.)
- Enable creative solutions by stimulating ideas through discussion and collaboration, with a specific focus on building relationships and partnerships with key technology and business leaders
- The ability to blend innovation with best practices to create custom solutions unique to Dun & Bradstreet
- The ability to self-organize and prioritize activities independently
- Manage time and uncertainty well - able to navigate complex corporate environments and drive projects with good enough, but imperfect or incomplete, information
- Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level
Dun & Bradstreet is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, age, national origin, citizenship status, disability status, sexual orientation, gender identity or expression, pregnancy, genetic information, protected military and veteran status, ancestry, marital status, medical condition (cancer and genetic characteristics) or any other characteristic protected by law.
We are committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with Dun & Bradstreet and need special assistance or an accommodation to use our website or to apply for a position, please send an e-mail with your request to TalentAcquisitionTeam@dnb.com. Determinations on requests for reasonable accommodation are made on a case-by-case basis.
Please note that all Dun & Bradstreet job postings can be found at https://dnb.wd1.myworkdayjobs.com/Careers and all communication from Dun & Bradstreet will come from an email address ending in @dnb.com.