Sr Splunk UBA Engineer - ONSITE
Sr Splunk UBA Engineer - ONSITE
Posted on :
03-05-2025
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
Job Title: Splunk UBA Engineer
36 months
onsite St Doral FL 33172 USA
*** MUST HAVE SECRET CLEARANCE***
We are seeking an experienced and analytical Splunk UBA Engineer to implement optimize and maintain our User Behavior Analytics (UBA) platform. In this role you will use behavioral modeling and machine learning capabilities in Splunk UBA to identify insider threats compromised accounts data exfiltration and other advanced attack techniques. You will work closely with SOC analysts engineers and data owners to turn user activity data into actionable intelligence and riskbased threat detections.
Key Responsibilities Deploy configure and maintain the Splunk UBA platform including data ingestion normalization and threat model tuning.
Deploy UBA cluster designing the build
Ingest and map logs from various sources (e.g. Active Directory VPN firewalls proxy endpoint etc.) into UBA.
Develop and refine behavioral baselines and anomaly detection models to identify suspicious or malicious activity.
Tune and customize threat models to align with organizational risks and reduce false positives.
Collaborate with the SOC and threat detection teams to operationalize UBA detectionsthrough risk scoring notable events and incident response workflows.
Build and maintain dashboards entity timelines and investigative tools within UBA to support threat hunting and investigations.
Integrate UBA output with Splunk Enterprise Security (ES) or SOAR platforms for automated response and triage.
Continuously evaluate new data sources use cases and detection strategies to enhance UBA capabilities.
Document procedures configurations and threat model customizations.
Qualifications
Required: 2 4 years of experience in security engineering threat detection or security analytics.
Handson experience with Splunk UBA and a strong understanding of behaviorbased threat detection.
Proficiency in log analysis and understanding of common data sources (AD EDR firewalls VPN etc.).
Knowledge of machine learning basics anomaly detection and riskbased scoring concepts.
Strong grasp of attack vectors such as lateral movement privilege escalation and insider threats.
Ability to write clear documentation and communicate findings effectively. Preferred:
Experience with Splunk Enterprise Security (ES) and/or SOAR integrations.
Familiarity with MITRE ATT&CK and threat detection frameworks.
Background in scripting (Python PowerShell) and APIbased data integrations.
Splunk certifications such as Splunk Core Certified Power User or Splunk UBA Certified Admin.
arningbased anomaly detection and predictive analytics.
We are seeking an experienced and analytical Splunk UBA Engineer to implement, optimize, and maintain our User Behavior Analytics (UBA) platform. In this role, you will use behavioral modeling and machine learning capabilities in Splunk UBA to identify insider threats, compromised accounts, data exfiltration, and other advanced attack techniques. You will work closely with SOC analysts, engineers, and data owners to turn user activity data into actionable intelligence and risk-based threat detections. Key Responsibilities Deploy, configure, and maintain the Splunk UBA platform, including data ingestion, normalization, and threat model tuning. Deploy UBA cluster designing the build Ingest and map logs from various sources (e.g., Active Directory, VPN, firewalls, proxy, endpoint, etc.) into UBA. Develop and refine behavioral baselines and anomaly detection models to identify suspicious or malicious activity. Tune and customize threat models to align with organizational risks and reduce false positives. Collaborate with the SOC and threat detection teams to operationalize UBA detectionsthrough risk scoring, notable events, and incident response workflows. Build and maintain dashboards, entity timelines, and investigative tools within UBA to support threat hunting and investigations. Integrate UBA output with Splunk Enterprise Security (ES) or SOAR platforms for automated response and triage. Continuously evaluate new data sources, use cases, and detection strategies to enhance UBA capabilities. Document procedures, configurations, and threat model customizations. Qualifications Required: 2 4 years of experience in security engineering, threat detection, or security analytics. Hands-on experience with Splunk UBA and a strong understanding of behavior-based threat detection. Proficiency in log analysis and understanding of common data sources (AD, EDR, firewalls, VPN, etc.). Knowledge of machine learning basics, anomaly detection, and risk-based scoring concepts. Strong grasp of attack vectors such as lateral movement, privilege escalation, and insider threats. Ability to write clear documentation and communicate findings effectively. Preferred: Experience with Splunk Enterprise Security (ES) and/or SOAR integrations. Familiarity with MITRE ATT&CK and threat detection frameworks. Background in scripting (Python, PowerShell) and API-based data integrations. Splunk certifications such as Splunk Core Certified Power User or Splunk UBA Certified Admin. arning-based anomaly detection and predictive analytics.
Employment Type
Full Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
