Certified Splunk Developer (Threat Detection domain)

Posted 8 hours 12 minutes ago by Base 3

Contract
Not Specified
Other
Brussel, Brussel (Stad), Belgium
Job Description

Note

  • Candidates should be based in Belgium, France or The Netherlands
  • The client will accept UK based candidates if they use an accredited umbrella company for this assignment
  • 8 days a month at a client's office are mandatory, preferably 4 of them in the Brussels office

Your Role:

  • Responsible for the development and maintenance of correlation searches and dashboards on the SIEM (Splunk ES) platform.
  • Collaborate with the Manager of Detection & Response Engineering and work jointly with the threat intelligence, design, engineering and response teams to gather and define requirements, specify clear priorities, evaluate technical trade-offs, and build and maintain threat detection capabilities.

Your qualifications required:

  • Proven expertise across the full SIEM detection engineering life cycle, including hypothesis-driven detection design, structured testing, validation, false-positive reduction, operational deployment, and continuous refinement.
  • In-depth knowledge of key security telemetry sources, including Windows Event Logs, Sysmon, Linux audit logs, Firewall and Proxy logs, cloud security logs, and EDR telemetry.
  • Advanced SPL proficiency with deep understanding of the Splunk Common Information Model (CIM), Data Models, and performance optimization (search acceleration, summary indexing, Data Model acceleration).
  • Experience applying the MITRE ATT&CK framework for behaviour-based detection design, threat mapping, and coverage analysis.
  • Hands-on experience with data onboarding quality assurance, including field extraction verification, CIM compliance testing, sample-based validation, and ensuring schema correctness across log sources.
  • Ability to work with deeply nested JSON telemetry and complex field structures.
  • Proficiency with log parsing and field extraction techniques, including regex, event normalization, and verification of correct field mapping across diverse log sources.
  • Experience using Git-based version control (Azure DevOps), including branching, pull requests, peer reviews, and structured promotion workflows for YAML-based detection rules.
  • Strong foundational understanding of network, endpoint, and cloud security concepts relevant to detection engineering.