Job title: Splunk Enterprise Security Engineer (W2)
Location: Baltimore, MD
Duties And Responsibilities
- Alert use case development
- Upgrade Splunk apps required by Splunk ES upgrades
- Splunk Enterprise Security administration and management
- Configure notable event actions, action menus and Adaptive Responses
- Data onboarding and data ingestion normalization recommendations
- Strong knowledge of security risk procedures, security patterns, authentication technologies and attack techniques
- Develop, evaluate and document specific metrics for management purposes
- Write complex code to install and manage the Splunk Enterprise deployment
- Perform maintenance and optimization of existing clustered Splunk deployments
- Create dashboards to monitor traffic volumes, response times, errors and warnings across various data centers
- Monitor the web portals, log files and databases
- Provide debugging and monitoring capabilities
- Design and develop Splunk content for routine use
- Solve complex Integration challenges and debug complex configuration issues
- Consult with stakeholders to establish, maintain and refresh their strategic direction in cloud adoption
- Become knowledgeable on the CDM technical requirements for the federal government's CDM program and understand your role in CDM activities
- Work on a wide range of security issues including architectures, firewalls, electronic data traffic and network access
- Design, manage and maintain enterprise SIEM infrastructure to improve data ingestion processes, including architectural work on data pipelines to ensure optimal flow of data
- Maintain, configure and implement products, appliances and devices on the enterprise network
Basic Qualifications
Minimum knowledge, skills, abilities needed.
- Bachelor's degree and 7 years of experience, Master's degree and 5 years of experience, or 11 years of experience in lieu of a degree
- At least 4 years of customer-focused Splunk Enterprise Security (SIEM) engineering experience, with SME-level knowledge of ES v4.7
- At least 4 years of experience in a senior Splunk role working in a clustered Splunk environment supporting SOC or NOC environments
- At least 4 years of experience with:
  - Designing, upgrading, maintaining and implementing network devices in a large-scale enterprise
  - Splunk engineering and data integration
  - SIEM data modeling on a similar platform at scale (>50 servers)
  - Scripting and development in Python/Perl with a deep comprehension of regular expressions
  - Coordination and communication with other remotely deployed team members
  - Developing documentation of processes and procedures
  - Proposing and implementing automation features in a large enterprise environment
- At least 3 years of experience with Linux and SQL/ODBC interfaces
- At least 2 years of experience in app interface development using REST APIs
- Hold an active Splunk Core certification of at least Splunk Architect level
- Minimum of 3 years of experience developing and tailoring reporting from network security tools
- Must be able to obtain and maintain a US Public Trust clearance