Technical & Bus Analyst - Data & Applications
Role details
Job location
Tech stack
Job description
-
Validate log types, formats, schemas, and logging methods (syslog, API, CloudTrail, JSON, custom formats).
-
Define onboarding requirements including event types, fields, timestamps, user identity, error codes,
-
and security-critical attributes.
-
Evaluate logs for completeness, reliability, and compliance with industry standard schemas.
-
Map log sources to Splunk's Common Information Model (CIM) or equivalent normalization frameworks.
-
Log parsing, field extraction, enrichment, and timestamp normalization.
-
Development of CIM-compliant extractions for all new log sources.
-
Documentation of field dictionaries, mappings, and SIEM source type definitions.
-
Validation of proper taxonomy alignment across categories such as:
o Authentication o Authorization o Application activity o Network activity o Security events o Error/failure conditions o Administrative and privileged actions
-
Mapping application behaviors to relevant attack techniques (MITRE ATT&CK).
-
Identifying and documenting detection opportunities.
-
Authoring and implementing:
o Correlation searches o Behavioral detections o Anomaly models o High-fidelity alert logic
- Ensuring each detection has:
o Defined data dependencies o Operational owner o Severity/priority rating o Triage response play
- Operationalizing detections into Security Operations Runbooks, including:
o Preconditions
- Indicators & patterns
Requirements
Must Have Technical/Functional Skills Technical Expertise
-
5+ years working with SIEM platforms (Splunk preferred).
-
Advanced experience with CIM, ECS, or equivalent log normalization schemas.
-
Strong understanding of:
o JSON logging o Syslog/NXLog o Cloud logging architectures (AWS/GCP/Azure) o Application security telemetry o OSQuery / EDR / DNS / WAF logs
- Proven ability to write:
o Source type definitions o Field extraction rules o Correlation logic o Detection playbooks Cybersecurity Knowledge & Competency
-
Familiarity with MITRE ATT&CK, SIGMA rules, NIST 800-53 frameworks.
-
Experience supporting SOC, IR, SIEM, Detection Engineering, or Threat Ops teams.
-
Understanding modern attack techniques, identity abuse patterns, and cloud threats.