Splunk Developer (SIEM Team)

Description:

Abra Professional Services is seeking a Splunk Developer.

We are looking for a skilled Splunk Developer to join a SIEM team within a leading financial organization. The role involves developing and maintaining Splunk-based security solutions, integrating log sources, creating dashboards and detection content, and enhancing monitoring capabilities across the organization's cyber security environment.

This role requires strong expertise in Splunk Enterprise/Cloud, advanced SPL development, Python programming, and React development, alongside a deep understanding of SIEM and security monitoring technologies.

A full-time, on-site position, based in Central Israel.

Key Responsibilities:

• Develop and maintain solutions on the Splunk platform.
• Design and build advanced dashboards, reports, alerts, and saved searches.
• Create, optimize, and maintain detection rules and monitoring content.
• Integrate and onboard new data sources using Syslog, HEC, REST APIs, and other ingestion methods.
• Develop backend components and automations using Python.
• Build and maintain internal operational tools and user interfaces using React.
• Perform performance tuning and search optimization across the Splunk environment.
• Collaborate with cyber security, infrastructure, and operations teams to improve monitoring and detection capabilities.

Requirements:

• 3+ years of hands-on experience with Splunk Enterprise and/or Splunk Cloud.
• Strong experience writing advanced SPL queries, including joins, stats, tstats, transactions, and lookups.
• Experience developing and maintaining dashboards, alerts, reports, and saved searches.
• Experience implementing and managing data inputs via Syslog, HEC, and REST APIs.
• Strong understanding of indexes, sourcetypes, props.conf, and transforms.conf.
• Experience with Splunk performance tuning and search optimization.
• 2+ years of Python development experience.
• Experience working with REST APIs, JSON/XML parsing, and data normalization.
• Experience developing applications with React, including Hooks, Components, and State Management.
• Strong knowledge of JavaScript ES6+, HTML, and CSS.

Advantages:

• Experience with Splunk SOAR.
• Experience in Cyber Security, SIEM, or SOC environments.
• Experience integrating with cloud platforms (AWS, Azure, GCP).
• Experience integrating security tools such as EDR, IAM, and CI/CD solutions.
• Experience working with Git and CI/CD pipelines.
• Familiarity with Docker and Kubernetes.
• Splunk certifications (Power User, Admin, Architect).
• Academic degree in Computer Science, Information Systems, Cyber Security, or a related field