
Security Analytics Engineer
SixGen, Inc.
Posted about 8 hours ago
Job Title: Security Analytics Engineer
Position Summary
The Security Analytics Engineer is responsible for engineering, optimizing, and sustaining the enterprise security analytics platform that supports the organization's Security Fusion Center (SFC). This role designs, implements, and maintains security monitoring capabilities by developing advanced detection analytics, optimizing security telemetry, integrating enterprise security tools, and enabling automation across the cybersecurity ecosystem.
The ideal candidate is an expert in Splunk Enterprise Security and the broader Splunk platform, with extensive experience implementing and managing CRIBL data pipelines, security analytics, detection engineering, and enterprise log management. This individual partners with Threat Intelligence, Threat Hunting, Incident Response, and Security Operations teams to ensure security technologies provide timely, high-fidelity detection of evolving adversary tactics, techniques, and procedures (TTPs).
Key Responsibilities
Security Analytics Engineering
- Design, develop, and maintain enterprise security analytics supporting the Security Fusion Center.
- Develop advanced detection logic, correlation searches, dashboards, reports, and alerts to identify emerging cyber threats.
- Continuously improve detection capabilities by developing analytics aligned with current adversary tactics, techniques, and procedures (TTPs).
- Engineer scalable solutions that improve security visibility, operational efficiency, and threat detection effectiveness.
Splunk Platform Engineering
- Administer, configure, and optimize Splunk Enterprise Security (ES), Splunk User and Entity Behavior Analytics (UEBA), and Splunk Security Orchestration, Automation, and Response (SOAR).
- Develop and maintain Splunk searches, correlation rules, risk-based alerting, dashboards, and knowledge objects.
- Optimize data ingestion, indexing, data models, and search performance across large enterprise environments.
- Support lifecycle management, upgrades, performance tuning, and operational maintenance of the Splunk platform.
CRIBL & Security Data Pipeline Engineering
- Design, implement, and maintain CRIBL pipelines to efficiently collect, normalize, enrich, filter, and route enterprise security telemetry.
- Optimize log ingestion and data transformation processes to improve analytics quality while reducing storage and licensing costs.
- Develop parsing, enrichment, and routing logic supporting enterprise detection engineering.
- Integrate data from cloud, endpoint, network, identity, and application security platforms into the Security Fusion Center analytics environment.
Detection Engineering & Security Tool Integration
- Develop and maintain detection analytics supporting proactive identification of advanced cyber threats.
- Evaluate emerging security technologies and recommend enhancements aligned with enterprise cybersecurity strategy.
- Support integration of enterprise security platforms, including SIEM, SOAR, EDR, identity security, vulnerability management, and cloud security tools.
- Collaborate with Threat Hunting and Threat Intelligence teams to operationalize new detections based on emerging threats.
Security Platform Operations
- Operate, maintain, and continuously improve the Security Fusion Center Analytics Platform (SFCAP).
- Support engineering efforts for enterprise security analytics platforms, including custom and commercial solutions.
- Maintain an inventory of enterprise security tools and document system capabilities, integrations, and operational dependencies.
- Support platform reliability, availability, scalability, and security.
Automation & AI
- Implement AI-enabled analytics and automation capabilities to improve ingestion, normalization, enrichment, correlation, and analysis of security telemetry.
- Identify opportunities to automate repetitive engineering and operational tasks.
- Research emerging technologies supporting security analytics, machine learning, and operational efficiency.
- Assist in evaluating AI-enabled security operations capabilities and recommending implementation strategies.
ServiceNow Security Integration
- Develop security use cases supporting enterprise adoption of ServiceNow Security Incident Response (SIR).
- Design and document integrations between ServiceNow and enterprise security platforms.
- Collaborate with operational teams to improve incident workflows through automation and orchestration.
Required Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or a related field.
- 5+ years of experience designing and supporting enterprise security analytics platforms.
- Extensive hands-on experience administering and engineering:
  - Splunk Enterprise Security (ES)
  - Splunk SOAR
  - Splunk UEBA
  - Splunk Enterprise
- Extensive experience designing and managing CRIBL pipelines for enterprise log management and security telemetry.
- Experience developing detection content, correlation searches, dashboards, and security analytics.
- Strong understanding of SIEM architecture, log management, telemetry normalization, and security data engineering.
- Experience integrating enterprise security technologies including EDR, IDS/IPS, cloud security, identity platforms, vulnerability management, and network security tools.
- Experience with scripting or automation using Python, PowerShell, or similar languages.
- Strong understanding of MITRE ATT&CK, detection engineering methodologies, and Security Operations Center workflows.
- Excellent analytical and troubleshooting skills.
Preferred Qualifications
- Splunk Enterprise Certified Architect
- Splunk Enterprise Certified Admin
- Splunk Core Certified Power User
- CRIBL Certified Administrator or equivalent experience
- CISSP (Certified Information Systems Security Professional)
- GIAC Certified Enterprise Defender (GCED)
- Experience supporting federal government cybersecurity programs.
- Experience supporting custom security analytics platforms, including proprietary Security Fusion Center analytics solutions.
- Experience with ServiceNow Security Incident Response (SIR) integrations and workflows.
Knowledge, Skills, and Abilities
- Expert knowledge of Splunk Enterprise Security architecture, engineering, and optimization.
- Deep understanding of CRIBL data engineering, log routing, parsing, enrichment, and telemetry optimization.
- Ability to design scalable enterprise security analytics architectures supporting large and complex environments.
- Strong understanding of detection engineering, threat analytics, and adversary behavior.
- Ability to engineer integrations between enterprise security platforms and automate operational workflows.
- Experience evaluating emerging security technologies and recommending enterprise adoption strategies.
- Excellent collaboration skills with Security Operations, Threat Intelligence, Threat Hunting, Incident Response, and Security Engineering teams.
- Ability to translate operational requirements into scalable, maintainable security engineering solutions.
Compensation & Benefits
- Competitive salary
- Employer-paid health insurance premiums (medical, dental, vision)
- Employer-paid short-term and long-term disability insurance and basic life/AD&D insurance
- 401K with a 4% employer contribution
- Professional development reimbursement options available (training, certification, education, etc.)
- Flexible and remote work policies for most positions
- Paid Time Off (PTO) at a rate of three (3) weeks plus one (1) day per year of service up to four (4) weeks annually
- 11 paid holidays per calendar year
At SIXGEN, we are committed to fair and equitable compensation practices. The anticipated salary range for this role is $100,000 - $155,000 per year, depending on experience and qualifications. This range reflects our compensation philosophy, which takes into account various factors including the candidate's relevant experience, education, skills, LCAT rates and position level, and market competitiveness. In addition to base salary, employees may be eligible for other forms of compensation, including our growth incentive program, incentives, and benefits. The final salary offer will be determined after a thorough review of the candidate's background and alignment with the role. Please note that this range is subject to change and should be considered a guideline rather than a definitive figure.