Analyst Cyber Security

Salt River Project   •  

Phoenix, AZ

Industry: Energy & Utilities

  •  

5 - 7 years

Posted 22 days ago

SRP is one of the largest public power and water utilities in the U.S. providing electricity to approximately one million customers in the greater metropolitan Phoenix area. Since its founding in 1903, SRP has fostered a culture of stewardship and customer service consistently ranking as an industry leader in customer service according to J.D. Power. SRP continues to adapt to its changing business environment by seeking innovative ways to reimagine utility service and the provision of critical resources essential to the life and economy of Arizona.

Job Brief

This opening is for one of the primary administration positions in charge of SRP's Splunk environment used to support SRP's Cyber Security Operations Center (SOC) which is responsible for monitoring of, responding to, and mitigating cyber security events across the enterprise. The selected candidate will oversee day-to-day support of Splunk as well as longer term planning to ensure the environment continues to evolve to meet the needs of Cyber Security. The selected candidate will work with operations analysts to improve SOC processes and procedures to ensure they are appropriately utilizing and realizing the benefits of Splunk capabilities.

Job Responsibilities

Administer SRP's distributed Splunk environment for Cyber Security including:

  • Day-to-day administration and maintenance activities
  • Managing onboarding, offboarding and monitoring of various log sources
  • Develop and maintain dashboards, queries, scripts and Splunk apps to support and improve cyber security operational practices
  • Plan and execute upgrades to Splunk and Splunk apps
  • Ensure the environment and data collection complies with SRP policies and compliance requirements
  • Coordinate with other SRP departments as needed to support Splunk activities

Assist cyber security operational and incident response activities

Education

Completion of a Bachelor's Degree from an accredited institution that prepares the employee for the assignment.

Additional Information

Splunk administration or architect certifications a plus.

Preferred Experience:

  • 5+ years of experience working in Information Technology and/or Information Security roles
  • Prefer 2+ years of experience administering a distributed Splunk environment (index clusters, search head clusters, universal and heavy forwarders, deployment server)
  • Experience managing Linux servers (CentOS or RedHat)
  • Experience with installing and configuring Splunk Apps
  • Experience with Python and shell scripting a plus
  • Experience with Splunk App for Enterprise Security a plus

Work schedule supports options such as flexible start time, partial telecommute, and alternate work week days off. Travel occasionally required for industry training and conferences that cannot be found locally.