Job description
Cyberdefense Splunk (SIEM) Expert
Posting start date: 05.06.2025
Requisition ID: 48143

General information

Bucharest, Romania, 10001
ENGIE GBS ROMANIA SRL.
Experienced (3-15 years of experience)
Digital / IT / Data
Permanent
Full-time

CYBERDEFENSE SPLUNK (SIEM) EXPERT

 

BUCHAREST

ENGIE GBS ROMANIA

 

One of the world's leading energy companies, ENGIE is present across the entire energy chain, in electricity and natural gas, from upstream to downstream. By placing responsible growth at the heart of its businesses (energy, energy services and the environment), its mission is to meet major challenges: meeting energy needs, ensuring security of supply, combating climate change, and optimizing the use of resources.

 

GBS is part of ENGIE, partnering with the support functions for ENGIE's Business Units and Corporate. It currently has 7 Business Support functions: purchasing, consulting, finance, real estate and logistics, legal, human resources, and information systems. By 2025, GBS is ENGIE's "transition maker" for support function excellence. Amplifying ENGIE's net zero mission, we provide a competitive edge through efficient operations, strategic resource allocation, and pioneering in culture and technology.

 

At ENGIE, every talent has a role to play in accelerating the energy transition. Make a difference and enjoy a fulfilling professional experience, take on exciting challenges, and shape the path that suits you. Join us and be part of the adventure of our century!

 

 

What you will do:

As a Splunk Administrator in the Global Security Operations Center (GSOC) on the “Detection & Automation” team, you will play a pivotal role in identifying, investigating, and mitigating cybersecurity threats within a complex and dynamic environment. Your primary responsibility will be to work collaboratively with other analysts, the MSSP (Managed Security Service Provider) and the CERT team to respond to and prevent cyber incidents, while ensuring the security and integrity of the organization's infrastructure. This is an advanced role that requires a deep understanding of security operations, incident response, and the latest cyber threat trends.

You will work on the Splunk platform (8 TB of data per day) in collaboration with the Splunk team and experts. The main tasks will be:

  • Administering applications and managing user access within the Splunk platform.
  • Performing regular maintenance and ensuring the stability of the platform.
  • Designing and generating reports and dashboards to support operational and security needs.
  • Managing data ingestion processes and overseeing the integration of data sources and logging equipment into Splunk.
  • Ensuring the accuracy, consistency, and cleanliness of ingested data.
  • Restoring log collection in the event of data loss or interruption.
  • Communicating with internal teams and external clients, primarily in French and English.
  • Contributing to the expansion and evolution of monitoring and detection coverage.
  • Supporting automation efforts for data integration and quality assurance workflows.
  • Creating technical documentation and user guides for internal and external use.
  • Participating in a shared on-call duty rotation (6-person team) for Splunk and related tools.
  • Assisting with migration and transformation initiatives related to Splunk or associated collection systems.
  • Developing and deploying machine learning algorithms to enhance analytical and detection capabilities.
  • Contributing to the creation of cybersecurity detection rules and implementation of use cases.
  • Continuously proposing enhancements to tools, procedures, and incident response to strengthen threat detection and mitigation.
  • Building dashboards and defining security metrics and KPIs.
  • Engaging in internal security communities and contributing to knowledge sharing across teams.

 

Desired education, expertise, and skills: 

  • At least 4 years of hands-on experience managing complex Splunk production environments, including Splunk Enterprise Security, Splunk ITSI, Splunk Cloud, and Splunk SC4S.
  • Proven track record in designing, implementing, and optimizing detection rules.
  • Solid experience in developing automation and support scripts using Python.
  • Experience with ticketing systems and SLA management.
  • Solid understanding of network security principles and operating systems.
  • Strong expertise with Splunk, Cortex XSOAR, and EDR.
  • Knowledge of AWS Cloud, Microsoft Azure and Office 365 environments.
  • Scripting capabilities to automate repetitive actions.
  • Detection rules creation capabilities.
  • Splunk & AWS certifications.
  • Excellent English technical communication skills, both written and verbal; French is essential (Level B1).
  • Ability to work independently.
  • Good analytical and problem-solving skills.
  • Ability to navigate high-pressure situations with ease, maintaining focus on tasks and objectives.

 

Benefits:

  • Private health insurance for you and your family;
  • Opportunities for ongoing personal and professional development;
  • Meal tickets;
  • Work-life balance;
  • Annual extended holiday entitlement, depending on the length of employment.

 

Only candidates selected for interviews will be contacted.

 

If you decide to send us your personal information in order to apply for this position, please be aware of our job candidate GDPR Data Privacy Notice: https://www.engie.ro/wp-content/uploads/2022/09/ER_Nota-de-informare-Candidati.pdf.

ENGIE is an Equal Opportunity Employer. Our commitment is unwavering: we do not discriminate based on race, color, age, sex, religion or religious creed, national origin, marital status, gender expression, genetic information, sexual orientation, ancestry, mental or physical disability, military or veteran status, or any other characteristic protected by law.

GBU: GBS
Division: GBS Europe - Romania
Company: ENGIE GBS ROMANIA SRL.
Professional experience: Experienced (3-15 years of experience)
Education level: Bachelor's degree

Our values

Inclusion and diversity are at the heart of our human resources policy. We ensure equal opportunities for all candidates and are committed to creating the most accessible working environment possible.
