The Splunk Engineer will report to the SOC Director and Deputy Directory and will provide overall engineering and design support for a very large distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles. The Splunk Engineer will support the full system engineering life-cycle, including requirements analysis, design, development, integration, test, documentation, and implementation following defined best practices and operational workflows.
The Splunk Engineer should be familiar with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. The Splunk Engineer should be familiar with Windows and Linux environments, editing and maintaining Splunk configuration files and apps.
The Splunk Engineer will work with other Cybersecurity Engineering team members and will be required to interact with end users to gather requirements, perform troubleshooting, and provide assistance with the creation of Splunk search queries and dashboards. The Splunk engineer will be required to interact with senior management, as necessary.
-Designing, engineering, configuring and administering Splunk content.
-Assisting in the proper operation and performance of Splunk, plug-ins, loggers and connectors.
-Building Splunk reports.
-Developing dashboards with visual metrics for stakeholders.
-Defining strategy and design around data collection, aggregations, and summarization processes.
-Integrating external data sources into Splunk.
-Enforcing best practices related to summarizing and querying data.
-Developing advanced scripts for the manipulation of multiple data repositories to support analyst requirements.
-Partnering with other enterprise teams to support data capture and advanced data analytics and forecasting efforts to support proactive identification of issues.
-Providing recommendations and implement changes to optimize Splunk products in the customer environment.
-Designing the Splunk system solution to meet growth while maintaining a balance between performance, stability, scalability and agility.
-SIEM content management.
-Ability to develop use cases, search and reporting scripts.
-Create, optimize, and continuously evaluate security monitoring content (correlated searches/alerts) on Splunk ES.
-Set up and configure Splunk search servers, deployment servers, clustered indexers, and forwarders, as required.
-Configure Splunk integration points and verify functionality in the technical evaluation environment.
-Document build procedures and customizations to provide inputs to functional and operational requirements.
-Create custom reports for ingestion to RSA Archer Dashboard.
-Demonstrate innovative influence for projects.
-Problems faced are difficult and often complex.
-Strong understanding of root causes of malware infections and proactive mitigation.
-Strong understanding of lateral movement and footholds.
-Strong understanding of data exfiltration techniques. Demonstrated ability in critical thinking, problem solving, and analytics.
-Enjoy analyzing patterns looking for outliers.
-Enjoy creating ways to find needles in haystacks.
-Have real world experience analyzing complex attacks and understand TTPs of threat actors.
-Define relationships between seemingly unrelated events through deductive reasoning.
-Experience in network/host based intrusion analysis, malware analysis, forensics, and cyberthreat intel.
-Knowledge of advanced threat actors and complex attacks.
-Possess excellent writing skills and the ability to communicate to technical and executive level staff.
-Quick study with new tools.
-Knowledge and experience with Splunk and other cyber tools.
-Bachelor's Degree in a relevant major from an accredited college or university with 14+ years of continuous and progressive experience.
-Demonstrated 7+ years knowledge and hands-on experience in security with an emphasis in engineering design, system analytics, operations and maintenance of a variety of security technologies used for security defense areas such as: network, storage/back, platforms (Windows/Linux Servers and desktops).
-5 years of experience with Splunk, networksecurity, system security, and supporting security information and event management (SIEM).
-Demonstrated experience in the implementation of information engineering projects; systems analysis, design and programming using standard tools and methods.
-Promote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required standards and processes.
-The candidate must have experience in designing, implementing, and maintaining a fully operating SIEM solution.
-Strong technical knowledge of Amazon AWS products and services, such as EC2, BeanStalk, Lambda, VPC, Route53, Amazon FW, API Gateway, ELB, CloudTrail, CloudFront, and etc.
-Strong knowledge of information security concepts, trends, and practices.
-Working knowledge of various network and security systems.
-Familiarity with basic statistics/probability and Big Data analytics techniques such as SVM, logistics regression, Kmeans, and Naives Bayes.
-An ability to learn quickly, and a passion for solving technical problems.
-Superior written and oral English communication skills is essential.
-Highly developed, process-oriented skills for troubleshooting, problem solving, and problem resolution.
-Good knowledge of networking concepts.
-Familiarity with XML and HTML, CSS, XML tasks.
-Ability to perform shell, Python and PERL scripts.
-Prior supervisory or technical team lead experience.
-Knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS).
-Deep technical understanding of operating systems, networkarchitecture and design, Active Directory (AD) application log consumables, systems design as well as superior knowledge of technical operations process and procedures.
-Knowledge of encryption, key management and cryptology.
-Knowledge with the Risk Management Framework (NIST 800-37), Security Controls as described in NIST 800-35, and the -Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines.
-Practical knowledge of performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation.
-Experience planning and implementing secure networking practices such as: application segmentation, network segmentation, NAC and other access control testing/validation, updating access control SOPs.
-Ability to configure and develop an enterprise SIEM solution including signature tuning, development of correlation rules, reports, and alarms.
Gets you Bonus Points:
-Splunk Certified Admin
-Splunk Certified Power User
-Splunk Certified Architect
-Splunk Certified Architect II
No Corp-To-Corp Or Third Party Recruiters; W-2 Direct Hire Only.