Collective.work

Cyberdefense – Splunk Expert - Freelance

Hybrid

Paris, France

Mid level

Full Time

29-10-2025

Skills

Python, Incident Response, Splunk, Monitoring, Quality Assurance, Machine Learning

Job Specifications

Budget: 600

Cyberdefense – Splunk Expert (GSOC)

Mission context

The mission takes place within ENGIE's Global Security Operations Center (GSOC), specifically on the Detection & Automation team.

The consultant will play a key role in managing and optimizing the Splunk platform (around 8 TB/day) used for cybersecurity monitoring and incident response.

They will collaborate with CERT, MSSP, and SOC analysts to strengthen monitoring, automation, and reliability across ENGIE's cybersecurity environment.

Due to the 24/7 operations of the GSOC, the role includes a rotational on-call duty (1 week per month).

Objectives and deliverables

Desired profile

At least 4 years of hands-on experience managing complex Splunk production environments, including Splunk Enterprise Security, Splunk ITSI, Splunk Cloud, and Splunk SC4S.
Proven track record in designing, implementing, and optimizing detection rules.
Solid experience in developing automation and support scripts using Python.
Experience with ticketing systems and SLA management.

Main responsibilities

Work on the Splunk platform (8 TB of data per day) in collaboration with the Splunk team and expertise. The main tasks will be:

Administering applications and managing user access within the Splunk platform.
Performing regular maintenance and ensuring the stability of the platform.
Designing and generating reports and dashboards to support operational and security needs.
Managing data ingestion processes and overseeing the integration of data sources and logging equipment into Splunk.
Ensuring the accuracy, consistency, and cleanliness of ingested data.
Restoring log collection in the event of data loss or interruption.
Communicating with internal teams and external clients, primarily in French & English.
Contributing to the expansion and evolution of monitoring and detection coverage.
Supporting automation efforts for data integration and quality assurance workflows.
Creating technical documentation and user guides for internal and external use.
Participating in a shared on-call duty rotation (6-person team) for Splunk and related tools.
Assisting with migration and transformation initiatives related to Splunk or associated collection systems.
Developing and deploying machine learning algorithms to enhance analytical and detection capabilities.
Contributing to the creation of cybersecurity detection rules and implementation of use cases.
Continuously proposing enhancements to tools, procedures, and incident response to strengthen threat detection and mitigation.
Building dashboards and defining security metrics and KPIs.
Engaging in internal security communities and contributing to knowledge sharing across teams.

Skill levels

3 (Advanced): Confirmed expertise, over 5 years of experience. Able to define and implement advanced configurations, perform complex troubleshooting in the system logs, communicate with manufacturer support, and perform OS upgrades.
2 (Confirmed): Specialist with 3-5 years of experience. Able to define and implement complex configurations, perform complex configuration troubleshooting, and perform basic OS upgrades.
1 (Junior): Good knowledge, 1-2 years of experience. Able to implement standard configurations and perform basic, first-level troubleshooting analysis.

Location

ENGIE Paris

About the Company

One platform, two sides: 1) a recruiter side, MegaSearch, to source, contact, and recruit, commission-free, from Collective's 500,000 freelancers (long live AI!). => This way for a demo of the Recruiter interface: https://calendly.com/juliette-collective-work/demo-collective-work-clone 2) a freelancer side to become visible and reachable to recruiters, grow your network, and professionalize through management tools. Do as 2,500 IT services companies (ESN), businesses, firms, and agencies do (Theodo, Artefact, Cher...