As the Splunk Security Services Engineer, you will be a Splunk security expert. Your role is responsible for architecting, deploying and configuring Splunk products on behalf of Kinney Group customers. A background in System Administration, Security, consulting, and troubleshooting will prepare you well for this opportunity. It’s important you focus on core Splunk installations and gathering Splunk data across the enterprise, to feed into core Splunk and Splunk Apps. Additionally, as Splunk Development Engineer you will play a central role in expanding the Kinney Group IT Operations and Analytics practice.
Attaining the professional services revenue goals of the engineering team by demonstrating sound decision making, disciplined technical execution and domain expertise, and a relentless focus on customer experience will be critical to your position. Kinney Group will invest in training and development for team members to stay current in new technology and tools, which serve our current and future commercial and Federal customers. While this role does not require specific Splunk training or knowledge, we will give preferential consideration to candidates who have worked with Splunk previously.
The team will deliver by providing consulting, training, and hands-on-keyboard services for Splunk data integration, content development and user enablement for the organization. This team will be a combination of Splunk engineers and Splunk security resources that will own and lead the customer’s certificate management via ServiceNow and Venafi solutions.
- Implement and maintain Splunk infrastructure and configuration
- Undertake day-to-day operational and user support
- Execute on new projects and data/user onboarding
- Assist helpdesk with Splunk system related issues
- Customize Splunk search queries
- Promote advanced searching, forensics and analytics
- Expedite creative solutions to complex problems
- Audit existing and on-going searches
- Assist helpdesk with search related issues
- Assist with requirements gathering and data on-boarding
- Perform data interpretation, classification and enrichment
- Build data models
- Manage knowledge objects (e.g. fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, etc.)
- Configure summary-based reports and data model acceleration
- Develop and customize Splunk Apps and dashboards
- Implement integration to external systems
- Build advanced visualizations
- Tuning and configuration of Splunk App for Enterprise Security
- Configure incident response and remediation workflows from ES
- Participate in data on-boarding for CIM compliance
- Assist in development of advanced security use cases in Splunk
Desired Skills & Experience
This role can be located in Raleigh, NC (preferred) or Washington, DC with light travel between the locations.
- The Splunk Development Engineer should have at least two (2) years of hands-on experience in IT systems administration on Windows or UNIX platforms (RH Linux, SUSE Linux, HP-UX, Solaris or equivalent). Must include specific expertise executing program installation and configuration from the command line.
- The Splunk Development Engineer should have experience with client/server communications privacy and security operations center expertise.
- Excellent troubleshooting skills and strong technical learning aptitude required.
- Experience must include using regex (regular expressions) with a scripting language. Experience with Perl regular expressions is preferred, but use of regex objects in any scripting language (Bash, Python, C++, Ruby, etc.) is acceptable.
Preferred Skills and Experience:
- Splunk experience including, but not limited to, Splunk Administration; Splunk Search Processing language; Splunk Reporting and Dashboard Creation
- The Splunk Development Engineer should have experience in Windows scripting (batch, VBScript, PowerShell) with at least two (2) years of experience with these technologies.
- Prefer experience working with Windows System Center Configuration Manager (SCCM)
- Prefer experience in software update management using Microsoft Software Installation (MSI) Technology
- Experience in systems administration – specifically hardening – using Microsoft Group Policy Objects (GPO)
- Experience in application load balancing in Splunk and/or using DNS and Load Balancing Services (such as F5)
- The Splunk Deployment Engineer should be versed in Linux scripting (SH, BASH, KSH) with at least two (2) years of experience with these technologies.
Education / Experience Requirements:
- Technical degree (Computer / Data Science) or 5 years of relevant professional experience