Cribl and Splunk Intel Developer

Job Description

Job Overview:

We are seeking a highly skilled Cribl & Splunk Threat Intelligence Developer to integrate and optimize threat intelligence within Cribl and Splunk environments. The ideal candidate will have expertise in pipeline management, lookups, and handling large datasets for retroactive queries.

Key Responsibilities:

Integrate threat intelligence data into Cribl pipelines and Splunk systems.

Design, configure, and maintain Cribl pipelines, including lookups and data routing.

Optimize large datasets for efficient processing and retroactive querying.

Develop and maintain Splunk content, including dashboards, reports, alerts, and lookups.

Enhance Splunk queries for large-scale retroactive data analysis.

Collaborate with security teams to refine data ingestion and processing strategies.

Troubleshoot data ingestion, transformation, and query optimization issues.

Required Qualifications:

3+ years of hands-on experience with Cribl pipeline management and data optimization techniques.

Proficiency in Splunk, including content development and dashboard creation.

Experience handling large datasets and optimizing queries for performance and scalability.

Understanding of threat intelligence integration into security analytics platforms.

Strong troubleshooting skills and the ability to work in a fast-paced environment.

Preferred Skills:

Experience with Splunk Enterprise Security (ES) and SIEM platforms.

Knowledge of log management, data enrichment, and normalization.

Familiarity with SPL (Search Processing Language) and scripting languages such as Python, Shell, or PowerShell.

Strong problem-solving skills with the ability to work independently and collaboratively.