Splunk Enterprise Security (ES) Consultant - remote

System One Holdings, LLC

$90K — $130K
US - Anywhere
Remote in Arlington, WI
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Several years of hands-on Splunk experience with ES implementation and content development
  • Strong proficiency in SPL and regular expressions
  • Scripting skills in Python, Perl, or Bash
  • Deep understanding of CIM and data normalization
  • Experience managing clustered Splunk environments in SOC or NOC settings
  • Background in SIEM data modeling at scale
  • Proficient in Linux, especially in maintaining Splunk configurations
  • Excellent consultative skills to collaborate with client teams

Responsibilities

  • Develop custom detection content such as correlation searches and alerts to identify threats
  • Build and maintain Splunk Apps and Technology Add-ons
  • Onboard and normalize data sources according to the Common Information Model
  • Optimize data flow and ingestion processes
  • Configure notable event actions and Adaptive Responses
  • Tune detections to reduce noise and enhance critical alerts
  • Create dashboards to visualize security metrics and trends
  • Support and optimize large clustered Splunk environments
  • Collaborate with client security teams to troubleshoot integration issues
  • Document key processes, procedures, and engineering decisions

Benefits

  • Health and welfare benefits including medical, dental, and vision coverage
  • Spending accounts for health-related expenses
  • Life insurance and voluntary insurance plans
  • Participation in a 401(k) retirement plan
Full Job Description

Remote - offsite
Responsibilities
  • Develop custom detection content: correlation searches, notable events, alerts, reports, and visualizations to surface threat activity
  • Build and maintain Splunk Apps and Technology Add-ons (TAs)
  • Onboard new data sources and normalize them to the Common Information Model (CIM)
  • Optimize data flow and ingestion using aggregation, filtering, and pipeline tuning
  • Configure notable event actions, action menus, and Adaptive Responses
  • Tune detections to cut noise and surface what matters, including risk-based alerting where applicable
  • Build dashboards that highlight anomalies, trends, and security and operational metrics
  • Support and optimize large distributed clustered Splunk environments (search heads, indexers, forwarders, deployment servers)
  • Partner with the client's security and SOC teams to debug complex integration and configuration issues
  • Document processes, procedures, and key engineering decisions

Requirements
  • Several years of hands-on Splunk experience, with real ES implementation, content development, and tuning
  • Strong SPL and regular expressions
  • Scripting in Python, Perl, or Bash
  • Solid grasp of CIM and data onboarding and normalization at scale
  • Experience supporting clustered Splunk environments in SOC or NOC settings
  • SIEM data modeling experience on a platform at scale
  • Proficiency in Linux, including editing and maintaining Splunk config files and apps
  • Comfortable working consultatively with client teams and explaining the why behind the work
  • Splunk certifications (Core Certified Consultant, ES Certified Admin, Architect) are a plus but not required
  • Demonstrated ES delivery experience carries more weight than certifications on paper

System One not only serves as a valued partner for our clients but also offers eligible employees health and welfare benefits coverage options, including medical, dental, vision, spending accounts, life insurance, and voluntary plans, as well as participation in a 401(k) plan.

Ref: #856-Baltimore-S1
