Splunk UBA Engineer #10519 Job at ECCO Select, Doral, FL

  • ECCO Select
  • Doral, FL

Job Description

ECCO Select is a talent acquisition and consulting company specializing in people, process and technology solutions. We provide the talent behind the technology enabling our clients to achieve their goals. For more information about ECCO Select, visit us at .

Position Title: Splunk UBA Engineer

Location Information: Doral, FL

Position Responsibilities:

• Deploy, configure, and maintain the Splunk UBA platform, including data ingestion, normalization, and threat model tuning.

• Deploy the UBA cluster, including designing the build.

• Ingest and map logs from various sources (e.g., Active Directory, VPN, firewalls, proxy, endpoint, etc.) into UBA.

• Develop and refine behavioral baselines and anomaly detection models to identify suspicious or malicious activity.

• Tune and customize threat models to align with organizational risks and reduce false positives.

• Collaborate with the SOC and threat detection teams to operationalize UBA detections through risk scoring, notable events, and incident response workflows.

• Build and maintain dashboards, entity timelines, and investigative tools within UBA to support threat hunting and investigations.

• Integrate UBA output with Splunk Enterprise Security (ES) or SOAR platforms for automated response and triage.

• Continuously evaluate new data sources, use cases, and detection strategies to enhance UBA capabilities.

• Document procedures, configurations, and threat model customizations.

Essential Skills & Expertise:

• 2–4 years of experience in security engineering, threat detection, or security analytics.

• Hands-on experience with Splunk UBA and a strong understanding of behavior-based threat detection.

• Proficiency in log analysis and understanding of common data sources (AD, EDR, firewalls, VPN, etc.).

• Knowledge of machine learning basics, anomaly detection, and risk-based scoring concepts.

• Strong grasp of attack vectors such as lateral movement, privilege escalation, and insider threats.

• Ability to write clear documentation and communicate findings effectively.

Qualifications:

• Experience with Splunk Enterprise Security (ES) and/or SOAR integrations.

• Familiarity with MITRE ATT&CK and threat detection frameworks.

• Background in scripting (Python, PowerShell) and API-based data integrations.

• Splunk certifications such as Splunk Core Certified Power User or Splunk UBA Certified Admin.

ECCO Select is committed to hiring and retaining a diverse workforce. Our policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category. Veterans of our United States Uniformed Services are specifically encouraged to apply for ECCO Select opportunities.
