This is a remote position.
Seeking multiple Splunk Engineers to join our client's team. Our team supports both Federal and State customers in their efforts to develop and maintain a Splunk environment. While much of this role may be conducted remotely, some positions/programs require travel to customer sites and/or a government security clearance (Secret, Top Secret, TS/SCI Poly).
POSITION RESPONSIBILITIES: Roles may include some or all of the following:
- Manage multiple assignments and changing priorities, and work independently with little oversight
- Build, implement and administer Splunk in Linux and Windows environments
- Work with existing and custom Splunk applications and add-ons to fulfill customer needs
- Provide overall engineering and design support for a distributed Splunk environment
- Edit and maintain Splunk configuration files and apps
- Troubleshoot Splunk configuration settings needed to ensure proper operation of Splunk
- Perform API integrations with other third-party vendor software
- Create, modify, update and maintain Python and PowerShell scripts
- Onboard data to Splunk
- Normalize security event data and apply practices that provide ES with data enrichment compliant with the Common Information Model (CIM)
- Provide assistance with the detailed view of notable events, the workbook for open investigations, and the risk analysis scoring system
- Recommend actions for security operations center tier I and tier II incident response incidents
- Tune ES performance by editing and creating the search language of searches to modify and reduce the number of notables, and by removing low-value searches
- Configure correlation searches, dashboard searches, risk modifiers, threat intelligence feeds, workflow actions and Enterprise Security content
- Automate issue resolution and compliance reporting to lower time-to-detection and time-to-mitigation for security organizations
- Integrate Splunk Mission Control, Splunk Security Orchestration, Automation and Response (SOAR) and/or other customer-approved security product applications utilizing Enterprise Security
- Utilize data thresholds, trend-based conditions and behavioral pattern recognition
- Use Enterprise Security (ES) to support tier I alerting, investigations and O&M of the SIEM
- Support hunt missions (tier II) and Defensive Cyber Operations (DCO) (tier III) as needed
- Provide best business practices and recommendations in contribution to the customer's security strategy and SOC policies
- Design resiliency using ITSI; build out an ITSI application and implement the design to run ITSI at multiple locations, with one location having overall oversight
- Data onboarding, data normalization and day-to-day maintenance of the Splunk platform
REQUIREMENTS:
- Splunk Enterprise Architect certification
- Splunk Core Consultant certification
- Splunk Enterprise Security certification
- Splunk IT Service Intelligence (ITSI) Certified Admin
- Working knowledge of SOAP/REST APIs, JSON, HTML/CSS, JavaScript and XML
- Authored SOPs, playbooks, work instructions and/or other process documents
- CISSP or Security+ credentials
- Experience with Python development
- Experience working in a Splunk Cloud environment
- Willing to direct and guide junior consultants on the team
- Data onboarding, visualizations and use case tuning
- Background in Linux, Python and networking, with high-level troubleshooting skills
YEARS OF EXPERIENCE: Minimum 3 years of experience with Splunk
SECURITY CLEARANCE: Varies, from no clearance to TS/SCI Poly
EDUCATION: Bachelor's degree in a related field or equivalent experience preferred