Senior Splunk Specialist

Company Description

Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 10 countries, and more than 160 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.
We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

**Job Description**:
**Your team**

You are part of the Security Operations team within the Chief Information Security office at Avaloq. Your team supports the security systems and processes across APAC to protect our internal and external clients. The team is responsible for administering security systems, develop security standards, manage, and resolve security incidents, provide guidance on security matters, among others. We collaborate with cybersecurity teams and specialists spread out globally across Avaloq and are thoroughly excited by the challenges that come our way.

In this position, you will focus on the management and operation of our Splunk Cloud and on-premises infrastructure. Additionally, you will help the Team in the identification, analysis, and response creation to cyber security threats. This also includes the incorporation of adequate threat intelligence feeds, onboarding of new log feeds, creation of new use cases and integrating various security processes and tools. You will closely work with our suppliers in the service chain for security monitoring.

You can expect a demanding and complex international environment, which is highly stimulating and encouraging. The international growth of the company demands your structured and innovative approach, as well as flexibility to a high degree. As a committed team player, you will support developing the maturity of the security operations, its controls, tools, and processes.

**Your key tasks**
- Lead, maintain and expand the DevOps cycle of our Splunk Cloud and on-premises infrastructure
- Create and fine-tune use cases and reports
- Onboarding of new log feeds
- Lead threat intelligence integration and optimization
- Assist the security analysts in investigations
- Participate in the security operational risk management activities as part of the Enterprise Risk Management to identify threats and institute appropriate security programs.
- Support and maintain the APAC’s Information Security Management System (ISMS) to assure continuous compliance with regulations, laws, and contractual obligations by adopting and deploying industry and market standards and accepted best practices.
- Support team’s operations with weekend and on-call support as required.

**Qualifications**:
**What you need**
- Solid know-how of Splunk Enterprise Security
- Minimum 3 to 5 years of experience in a similar role, i.e., in a combination role of security risk, information security and IT.
- Fluent in English (both written and verbal)
- Proven experience in Cloud DevOps
- Proven experience in developing scripts (Bash, Python, PowerShell etc...) and Splunk custom Applications with REST API to support data collection and integration
- Ability to write complex data extraction SPL queries using regular expressions over structured and unstructured data
- Strong understanding of Data Models and CIM compliance
- Experience in:

- managing Splunk Search Heads & Indexer Clusters
- deploying Splunk configurations across Splunk forwarders
- managing access controls over LDAP or similar authentication methods
- developing searches, reports, and dashboards
- managing upgrades for Splunk clustered infrastructure
- troubleshoot and identify performance issues/bottleneck both in Splunk and Infrastructure
- creating predictive and anomaly detection leveraging Splunk Machine Learning toolkit.

**It would be a real bonus if you have **(max. 3 bullet points)
- Splunk Certifications (Administration & Architect)
- Information and Cyber Security certificates like CISSP, OSCP, SANS, CREST or similar.
- AWS Certifications (Solutions Architect / DevOps Engineer)
- Working experience with management of threat intelligence feeds, vulnerability scanners and security analysis tools.
- Proven experience with SQL (Oracle, DB2, PostgreSQL etc.,)
- A strong motivation to work in Cyber Security
- Practical experience in security orchestration and automation (SOAR)

Additional Information

We realize that managing work life balance is a challenge