Honeywell’s Global Security (HGS) business believes in integrating security into all aspects of our business to protect the people, processes, and assets by which Honeywell achieves its greater mission. Advancements in technology, contractual and regulatory requirements, emerging threats, and Honeywell's growth worldwide continue to challenge all of us to ensure everything we do in business is secure.

• A minimum of 3 years experience with Splunk ES, Splunk core, or similar security tools focused on system administration, alerting, data exploration, analysis, and visualization.
• Strong communication skills and demonstrated ability to lead projects across a variety of Teams in a large corporate environment.
• Understanding of cloud and hybrid cloud environments, and security frameworks such as MITRE ATT&CK, OWASP, and NIST.
• Understanding of the evolving threat landscape and current attack tools to gain unauthorized access to enterprise environments.
• A plus for CompTIA and Security + Certification.
• A desire to solve complex problems by digging into logs and technical details

WE VALUE:

• Potential to unlock USG Security Clearance.

• Knowledge of defense, intelligence, and cyber security incident response process and procedures.

• CISSP Certification or equivalent DoD 8570 Certification.

• Splunk certifications.

• Splunk Administration and Knowledge Object Management:Provide administrator-level support to a Splunk Enterprise Security deployment including field extractions/CIM compliance, data model configuration, Assets & Identities maintenance, and health monitoring of the deployment. Experience managing the underlying infrastructure of a Splunk deployment highly desired.

• Leverage Search Processing Language (SPL), develop Splunk apps, analyze complex data, interpret insights, create visualizations, and integrate Splunk with other security tools.

• AUTOMATION: Leverage scripting languages (Python, PowerShell) to automate tasks and manipulate data. Connect and integrate various security tools via code and API’s to improve workflows, reduce manual effort, and ensure repeatability. Some tooling examples include Microsoft Defender, Splunk, Recorded Future, and Qualys.

• Experience developing SOAR playbooks is a plus.

• DETECTION ENGINEERING: Review Threat Intelligence documents and be able to synthesize Threat Actor behaviors, align them to MITRE ATT&CK, and craft working queries to identity these behaviors in a large corporate environment. Understand the lifecycle of a detection rule, how to tune benign activity, and test your detection logic.

Experience writing KQL detections in Defender: