Description
About Betfair Romania Development:
Betfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world’s leading sports betting and iGaming brands. Exciting, immersive and safe experiences are delivered to over 18 million customers worldwide, from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, we operate our own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars, SportsBet, Betfair, Paddy Power, or Sky Betting & Gaming.
Our Values:
The values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with our values and are committed to making a difference.
Win together | Raise the bar | Got your back | Own it | Positive impact
About Flutter Functions:
The Flutter Functions division is a key component of Flutter Entertainment, responsible for providing essential support and services across the organization. The division encompasses various corporate functions, including finance, legal, human resources, technology, and more, ensuring seamless operations and strategic alignment throughout the company.
Role Overview
The job You will own the security data platform end to end. Design Cribl Stream pipelines that route, enrich, and filter log data. Engineer Splunk Cloud for production use: indexes, sourcetypes, field extractions, HEC endpoints. Build AWS ingestion infrastructure with CDK. Bring new systems into SOC monitoring from discovery through production cutover. Some days you are writing SPL to validate data quality before a system goes live. Other days you are building a CDK stack for cross-account S3/SQS ingestion. Other days you are optimizing pipeline volume because a noisy cluster is drowning out real signal. It is engineering work, every day
Key Accountabilities & Responsibilities:
Own and enhance the enterprise security data platform, ensuring reliable collection, enrichment, routing, and delivery of security telemetry.
Design, build, and optimize log ingestion pipelines using Cribl, Splunk Cloud, and AWS services to support security monitoring and incident response.
Engineer and maintain cloud-native data ingestion infrastructure using AWS CDK, S3, SQS, IAM, and Infrastructure as Code principles.
Manage Splunk Cloud data onboarding, including indexes, sourcetypes, field extractions, HEC endpoints, and data quality validation.
Develop automation and integrations using Python and APIs to improve operational efficiency and platform scalability.
Onboard new systems and services into the security monitoring ecosystem from requirements gathering through production deployment.
Optimize telemetry pipelines to improve data quality, reduce noise, and maximize the effectiveness of security detections and investigations.
Collaborate with Security Operations, Incident Response, Cloud Security, and Application Security teams to meet monitoring and investigative requirements.
Skills, Capabilities & Experience Required:
You have built things in Splunk: indexes, sourcetypes, SPL, HEC, field extractions.
You have designed and operated log pipelines at scale (Cribl preferred, Logstash/Fluentd also valued).
You build in AWS: S3, SQS, IAM, Infrastructure as Code You code in Python and automate API integrations.
You understand security data: what to collect, what to filter, what matters for detection.
Experience with Cribl Lake, Splunk ES, Grafana / Alloy, Sigma rules and Kubernetes logging.
Benefits:
Hybrid & remote working options
€1,000 per year for self-development
Company share scheme
25 days of annual leave per year
20 days per year to work abroad
5 personal days/year
Flexible benefits: travel, sports, hobbies
Extended health, dental and travel insurances
Customized well-being programmes
Career growth sessions
Thousands of online courses through Udemy
A variety of engaging office events
Disclaimer:
We are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communities we’re part of. You don't have to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, and we’ll see how we can accommodate them.
We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview.
By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than three years, to consider you for prospective roles within the company.
