Security Engineer - SIEM (Splunk) Platform & Operations

Samsung SDS America (SDSA) serves as the U.S. technology and innovation hub for Samsung’s global enterprise solutions, delivering secure, scalable, and high‑performance IT services that support some of the world’s most complex business environments. As SDSA continues to expand its cloud, mobility, analytics, and cybersecurity capabilities, maintaining a resilient security operations foundation is essential to protecting the company’s digital assets and ensuring uninterrupted service delivery.

Position Summary:

As Security Engineer, you’ll join the Cybersecurity Operations team, where you’ll serve as the frontline detective monitoring and correlating real‑time threat data from firewalls, cloud assets, EDR, and AI‑driven platforms like Darktrace. You’ll design, tune, and optimize Splunk Enterprise Security dashboards, detection rules, and correlation searches to cut false positives while delivering rapid, high‑fidelity alerts. Leveraging your experience SOC environments, you’ll lead deep incident investigations, spearhead proactive threat‑hunting missions, and drive remediation priorities based on risk and business impact. Collaboration is key: you’ll partner with global engineers, cloud specialists, and incident‑response teams to continuously improve our security posture and document best‑practice playbooks.

Responsibilities:

• Monitor and analyze security event logs from multiple sources, including firewalls, intrusion detection/prevention systems, endpoint protection platforms, servers, cloud environments, and tools like Darktrace, to identify potential threats.
• Monitor, triage, and investigate alerts and logs within the Splunk SIEM and Splunk Enterprise Security (ES) platform.
• Assist in improving SIEM processes, detection coverage, alert fidelity, and operational workflows including creating dashboards
• Support the onboarding and integration of logs from enterprise systems into the Splunk environment.
• Validate log source completeness, data normalization, rule logic, and alert relevance across critical systems and infrastructure
• Perform initial analysis of security events, escalate incidents when appropriate, and assist with root cause identification.
• Conduct in-depth investigations of security incidents and recommend remediation and containment actions.
• Conduct proactive threat hunting using SIEM, EDR, CASB, and network detection tools, such as Darktrace, to identify suspicious activity that may have bypassed traditional controls.
• Tune and optimize correlation searches, detection rules, dashboards, and use cases to improve operational efficiency and reduce false positives.
• Prioritize remediation efforts based on risk, severity, and business impact.
• Participate in incident response activities and support threat hunting initiatives as needed.  
• Collaborate with cross-functional teams to respond effectively to cybersecurity incidents and strengthen overall security posture.
• Create and maintain documentation for log flows, detection use cases, triage procedures, playbooks, cybersecurity processes, and operational standards.

• Bachelor’s degree in Computer Science, Information Security, Information Assurance, or a related field; Master’s degree preferred.
• 3+ years of experience in a cybersecurity operations or related security role.
• 2+ years of hands-on experience administering Splunk Enterprise Security (ES).
• Strong hands-on experience with Splunk log ingestion, data normalization, search heads, indexers, SPL query development, and dashboard optimization.
• Knowledge of detection engineering, correlation rule development, and incident response workflows.
• Proven experience in threat analysis & incident response.
• Strong understanding of security log sources, including Windows and Linux servers, firewalls, endpoint tools, cloud infrastructure, and network detection platforms, such as Darktrace.
• Experience triaging and analyzing security alerts in complex, multi-platform enterprise environments.
• Familiarity with cloud platforms such as AWS, Azure, or similar environments.
• Strong analytical, communication, and collaboration skills, with the ability to clearly present findings and recommendations.
• Ability to work effectively across diverse global teams and adapt to evolving business and technical environments.
• Curious, resilient, and data-driven, with a proactive approach to solving security challenges.

Preferred Qualifications:

• Relevant certifications such as Splunk Enterprise Security Certified Admin.
• Experience with supporting tools such as Darktrace, Crowdstrike, or Netskope are highly preferred
• Active knowledge & experience with rule creation & executing correlation searches in Splunk.

Samsung SDSA offers a comprehensive suite of programs to support our employees:

• Top-notch medical, dental, vision and prescription coverage
• Wellness program
• Parental leave
• 401K match and savings plan
• Flexible spending accounts
• Life insurance
• Paid Holidays
• Paid Time off
• Additional benefits

Samsung SDS America, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability, status as a protected veteran, marital status, genetic information, medical condition, or any other characteristic protected by law.

We are committed to providing reasonable accommodations to participate in the job application or interview process for candidates with disabilities. Please let your recruiter know if you need an accommodation at any point during the interview process.

The base pay range for this role depends on appropriate skills, experience, and technical level. Career Level 2 base salary is USD $125,000-175,000.

Individual base pay depends on various factors, in addition to primary work location, such as complexity and responsibility of role, job duties/requirements, and relevant experience and skills.

Certain roles are eligible for additional rewards, including annual bonus. U.S.-based employees have access to medical, dental, and vision insurance, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and wellbeing benefits, among others. U.S.-based employees also receive, per calendar year, up to 10 scheduled paid holidays, and Paid Time Off.