Cyber Security Data Analytics Engineer

The Cyber Security Data Analytics team at AIG is responsible for developing scalable, resilient, and high-availability solutions to collect and search against massive datasets in a complex, global environment. The Cyber Security Data Analytics organization is also responsible for interfacing directly with data producers in AIG, ensuring high quality, comprehensive data collection in Splunk across a complex, global IT environment.

This position may be performed 100% remote in any US state. Although this position is remote-work capable, we are looking for candidates who are able to work in the time zone hours of 8:00am - 5:00pm Eastern.

Reporting to the Cyber Security Data Analytics Content Development Manager, the engineer will work to normalize new data utilizing the Common Information Model, maintain relationships with data producers to ensure continuity of data during enterprise/infrastructure changes, and create and enforce logging standards. This engineer will also be responsible for developing content to support security and operational monitoring and alerting to various teams and lines of business utilizing Splunk and other third-party orchestration software.


  • Administration of Splunk and Splunk Enterprise Security and underlying infrastructure.

  • Parsing of data feeds to normalize events using the Common Information Model that will be utilized to feed various data models.

  • Building automation, dashboards, correlations, key performance indicators, and other various Splunk knowledge objects to empower security operations by improving the quality of their threat detection capabilities.

  • Drive the strategic and tactical direction for the Splunk platform; the team serves both the primary customer of Security Operations and provides Splunk as a Service to AIG global business units and information technology organizations.

Qualifications

  • Bachelor of Science in Computer Science, Information Systems, Software Engineering, or any combination of education and relevant experience.

  • Prioritized certifications: Splunk Enterprise Certified Architect; Splunk Enterprise Certified Admin; AWS Certified Solutions Architect; Linux Foundation Certified Sysadmin/Engineer preferred.

  • Proven extensive technical experience in Cybersecurity and Information Technology, in both individual contributor and leadership roles.

  • Deep hands-on knowledge of Splunk and Splunk Enterprise Security to include the Splunk query language, configuration management, and underlying infrastructure.

  • Experience working in Linux and Windows based environments, including administration and engineering of solutions running on Linux and Windows OS.

  • Demonstrated success leveraging automation (e.g. Chef, AWS, Ansible), including bash/Java/Python scripting, to improve the speed of infrastructure management and development.

  • 5+ years’ experience with aspects of AWS cloud architecture, including mechanisms for high availability, auto-scaling, and cost efficiency.

  • Demonstrated ability to coach direct reports and effectively manage talent and performance.

  • Strong written and verbal communication skills in both formal and casual situations.

  • Demonstrated ability to handle stressful situations with calm effectiveness.