Splunk Engineers - TSSCI Poly Remote

Employer Active

1 Vacancy

Jobs by Experience

3 years

Job Location

Reston, VA - USA

Monthly Salary

Not Disclosed

Job Description

This is a remote position.

Seeking multiple Splunk Engineers to join our client team. Our team supports both Federal and State customers in their efforts to develop and maintain a Splunk environment. While much of this role may be conducted remotely, some positions/programs require travel to customer sites and/or a government security clearance (Secret, Top Secret, TS/SCI Poly).

POSITION RESPONSIBILITIES: Roles may include some or all of the following

  • Manage multiple assignments and changing priorities, and work independently with little oversight
  • Build, implement, and administer Splunk in Linux and Windows environments
  • Work with existing and custom Splunk applications and add-ons to fulfill customer needs
  • Provide overall engineering and design support for a distributed Splunk environment
  • Edit and maintain Splunk configuration files and apps
  • Troubleshoot Splunk configuration settings needed to ensure proper operation of Splunk
  • Perform API integrations with other 3rd party vendor software
  • Create, modify, update, and maintain Python and PowerShell scripts
  • Onboard data to Splunk
  • Apply security event data normalization and practices to provide ES with data enrichment in compliance with the Common Information Model (CIM)
  • Provide assistance with the detailed view of notable events, the workbook for open investigations, and the risk analysis scoring system
  • Recommend actions in security operations center tier I and tier II incident response incidents
  • Tune ES performance by editing and creating the search language of searches to modify and reduce the number of notables and remove low-value searches
  • Configure correlation searches, dashboard searches, risk modifiers, threat intelligence feeds, workflow actions, and Enterprise Security content
  • Automate issue resolution and compliance reporting to lower time on detection and time on mitigation for security organizations
  • Integrate Splunk Mission Control, Splunk Security Orchestration, Automation and Response (SOAR), and/or other customer-approved security product applications utilizing Enterprise Security
  • Utilize data thresholds, trend-based conditions, and behavioral pattern recognition
  • Use Enterprise Security (ES) to support tier I alerting, investigations, and O&M of the SIEM
  • Support hunt missions (tier II) and Defensive Cyber Operations (DCO) (tier III) as needed
  • Provide best business practices and recommendations in contribution to the customer's security strategy and SOC policies
  • Design resiliency using ITSI; build out an ITSI application and implement the design to run ITSI at multiple locations, with one location having overall oversight
  • Data onboarding, data normalization, and day-to-day maintenance of the Splunk platform


Requirements

  • Splunk Enterprise Architect certification
  • Splunk Core Consultant Certification
  • Splunk Enterprise Security Certification
  • Splunk IT Service Intelligence (ITSI) Certified Admin
  • Working knowledge of SOAP/REST APIs, JSON, HTML/CSS, JavaScript, and XML
  • Authored SOPs, playbooks, work instructions, and/or other process documents
  • CISSP or Security Plus credentials
  • Experience with Python development
  • Experience working in a Splunk Cloud environment
  • Willing to direct and guide junior consultants on the team
  • Data onboarding, visualizations, and use case tuning
  • Background in Linux, Python, networking, and high-level troubleshooting skills

YEARS OF EXPERIENCE: Minimum 3 years of experience with Splunk

SECURITY CLEARANCE: Varies, no clearance to TS/SCI Poly

EDUCATION: Bachelor's degree in related field or equivalent experience preferred



Employment Type

Full Time
