Job Title: Incident Response Security Analyst (Blue Team) – Splunk Specialist
Location: Shanghai, China
Job Type: Contract
Experience Level: 3+ years
Language Requirement: Fluent English (Mandarin a plus)
Rate: ¥2,500 – ¥4,000 CNY/day
Job Summary
We’re hiring a skilled Incident Response Security Analyst with a strong focus on Blue Team operations and Splunk platform expertise. You will be a critical member of the cybersecurity team, leading real-time detection, incident response, forensic analysis, and managing the operational health of the Splunk environment. This role is ideal for professionals with hands-on security operations center (SOC) experience and a passion for proactive defence.
Key Responsibilities
Threat Detection & Monitoring
- Monitor security alerts and telemetry across SIEM, EDR, IDS/IPS, and NDR tools
- Analyse threat intelligence and behavioural patterns to develop and tune custom detections
- Identify gaps in visibility and recommend enhancements
Incident Response
- Lead response to security incidents, coordinate mitigation actions, and document root cause analysis
- Perform forensic investigations (disk, memory, network) and assess impact
- Maintain and test incident response playbooks and escalation procedures
Splunk Platform Management
- Oversee day-to-day Splunk operations: ingestion, parsing, dashboarding, and system health
- Create and optimize alerts, correlation rules, custom searches, and dashboards
- Support Blue Team operations with proactive analytics and data insights
Collaboration & Reporting
- Liaise with IT, DevOps, and application teams to embed security in the system lifecycle
- Deliver clear and concise incident reports, security metrics, and operational updates
- Provide mentorship and technical guidance to SOC analysts and junior responders
Requirements
Education & Certifications
- Bachelor's degree in Cybersecurity, Computer Science, or related discipline
- Preferred certifications: CHFI, CEH, CompTIA Security+, GSEC, or equivalent
Experience
- Minimum 3 years of experience in security operations, ideally in CSIRT or Blue Team roles
- Strong understanding of Splunk architecture (HF, UF, Indexers, CM, deployment server)
Technical Skills
- Proficient in SIEM (Splunk), EDR, IDS/IPS, and threat detection tools
- Comfortable with scripting: Python, PowerShell, Bash
- Familiar with MITRE ATT&CK, NIST, ISO 27001, and other security frameworks
- Experience in Linux/UNIX and Windows environments
Nice to Have
- Experience with Cribl, Databricks, or other big data tooling
- Familiarity with data pipelines and log management optimization
Soft Skills
- Strong analytical and investigative mindset
- Excellent communication and reporting skills
- Highly collaborative, proactive, and self-driven
Why Join Us?
Join a cutting-edge security team supporting ecommerce infrastructure at scale. If you're passionate about security, data, and protecting digital assets, this is your opportunity to lead from the front in a high-visibility, high-impact role.