Job Description
We are seeking a Security Operations Sr. Specialist for Risk & Security Analytics with expertise in Platform Management to join our team. The role involves managing and optimizing Microsoft Sentinel, Splunk, Cribl, and Anomali platforms. The ideal candidate will work closely with various teams including engineering, SOC, L3 support, 24x7 support, business stakeholders, and vendors to ensure the effective operation of our security platforms.
Key Responsibilities:
- Splunk Platform Management: Oversee the health, performance, and overall management of the Splunk environment, ensuring optimal system performance, data ingestion, and indexing processes. Maintain and enhance Splunk's architecture to meet operational needs and support organizational goals.
- Log Management and Optimization: Ensure efficient log ingestion and routing by configuring and maintaining Splunk forwarders and indexes. Optimize log sources to improve search efficiency and minimize storage costs.
- Platform Tuning and Performance: Regularly fine-tune and optimize Splunk platform settings, search performance, and indexing configurations. Reduce search query response times and optimize dashboards to ensure a seamless user experience.
- Collaboration with SOC Teams: Support SOC teams by providing tailored dashboards, alerts, and reports to enhance threat monitoring and incident response capabilities. Ensure Splunk meets the SOC's operational and security needs.
- ITIL Process Adherence: Follow ITIL best practices for platform changes, problem management, and service requests. Implement and track changes using established processes to ensure platform reliability.
- Integration and Vendor Collaboration: Collaborate with vendors for Splunk platform upgrades, troubleshooting, and new feature implementations. Integrate Splunk with other tools such as Cribl, Anomali, and Sentinel to enhance functionality.
- Reporting and Documentation: Generate detailed reports on platform performance, data ingestion trends, and operational metrics. Maintain documentation for platform architecture, configurations, and operational processes.
- Security Enhancements: Manage Splunk's role in the organization's overall security strategy by maintaining visibility into log data and ensuring secure configurations.
Qualifications:
- Proven experience (5+ years) managing and maintaining large Splunk deployments, including architecture design, log ingestion, and search performance optimization
- Strong knowledge of the Splunk query language (SPL) for advanced search and data analysis
- Familiarity with ITIL processes, especially change management, problem resolution, and service management
- Experience collaborating with SOC teams to tailor Splunk dashboards, alerts, and searches for security use cases
- Hands-on experience integrating log data sources into Splunk from various systems and applications
- Ability to troubleshoot performance issues, misconfigurations, or ingestion errors in Splunk environments
- Familiarity with platform automation workflows and tools (e.g., SOAR solutions such as Logic Apps or other automation tools)
- Certifications such as ITIL, CISSP, CEH, GCIH, or Microsoft Certified: Security, Compliance, and Identity Fundamentals are highly desired.
Preferred Skills:
- Knowledge of Microsoft Sentinel for monitoring and security integration
- Experience using Cribl for log routing and enrichment before ingestion into Splunk
- Familiarity with Anomali for threat intelligence feed integration
- Cloud platform experience (e.g., Azure, AWS, GCP) for Splunk deployment in hybrid or cloud-native environments
- Certifications in ITIL, CISSP, Splunk Core/Enterprise Security, or similar fields
What we offer:
- A hybrid work environment with flexibility
- Competitive salary and benefits package
- Opportunities for professional growth and further training
- A dynamic and supportive team environment, collaborating on the latest in security technologies.
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status: Regular
Relocation: Domestic
VISA Sponsorship: No
Travel Requirements: 10%
Flexible Work Arrangements: Hybrid
Shift: Not Indicated
Valid Driving License: No
Hazardous Material(s): n/a
Job Posting End Date: 01/22/2025
*A job posting is effective until 11:59:59 PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
Requisition ID: R315910