Position: “Splunk Enterprise Security Engineer”
Location: Baltimore, MD - Onsite
Duration: Contract, Long Term
Visa GC or USC
Job Description
Job Title: Splunk Enterprise Security Engineer
Position location: Baltimore
Description
We are seeking a Splunk Enterprise Security Engineer who can develop custom detection content (correlation rules) identify threat activity. This includes developing notable events, visualizations, forms, reports, alerts, as well as Splunk Apps, Technology Add-ons, and normalize data sources to the Common Information Model. The candidate will provide optimization of data flow using aggregation, filters, etc. The Splunk Engineer will provide overall engineering, and administration in supporting a very large distributed clustered Splunk environment consisting of search heads, indexers, deployers, deployment servers, heavy/universal forwarders and Splunk Enterprise Security app, spanning security, performance, and operational roles. The Engineer should be proficient with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. The Splunk engineer should be proficient within a Linux environment, editing and maintaining Splunk configuration files and apps.
Duties And Responsibilities
- Alert use case development
- Upgrade Splunk apps required by Splunk ES upgrades
- Splunk Enterprise Security administration and management
- Configure notable event actions, action menus and Adaptive Responses
- Data onboarding and data ingestion normalization recommendations
- Strong knowledge of security risk procedures, security patterns, authentication technologies and security attack pathologies
- Develop, evaluate, and document, specific metrics for management purpose
- Write complex code to install and manage the Splunk enterprise development
- Performing maintenance and optimization of existing clustered Splunk deployments
- Create Dashboards to monitor the traffic volumes, response times, errors, and warnings across various data centers
- Monitor the web portals, log files and databases
- Provide debugging and monitoring capabilities
- Design and Develop Splunk for routine use
- Solve complex Integration challenges and debug complex configuration issues
- Consult with stakeholders to establish, maintain and refresh their strategic direction in cloud adoption
- Become knowledgeable on the CDM technical requirements for the federal government’s CDM program. Understand your role in CDM activities.
- Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
- Design, manage, and maintain enterprise SIEM infrastructure to improve data ingestion processes, including architectural work on data pipelines to ensure optimal flow of data.
- Maintenance, configuration and implementing products, appliances and devices on the enterprise network.
Basic Qualifications
- Bachelor’s degree and 7 years of experience, Master's degree and 5 years of experience, or 11 years of experience in lieu of a degree
- At least 4 years’ experience using customer-focused Splunk Enterprise Security SIEM engineering background - SME knowledge of ES v4.7
- At least 4 years’ experience in a senior Splunk role working in a Splunk clustered environment supporting SOC or NOC environments
- At least 4 years of experience with:
- In-depth knowledge of designing, upgrading, maintaining and implementing network devices on a large-scale enterprise
- Direct experience with Splunk Engineering and data integration
- Prior SIEM data modelling experience on similar platform at scale (>50 servers)
- Scripting and development skills in Python/Perl with deep comprehension of regular expressions o Coordination and communication with other remotely deployed team members
- Developing documentation with processes and procedures
- Proposing, implementing automation features in a large enterprise environment
- At least 3 years of experience with Linux and SQL/ODBC interfaces
- At least 2 years of experience in app interface development, using REST API’s
- Hold active Splunk Core Certifications of at least Splunk Architect
- Minimum of 3 year of experience in developing and tailoring reporting from network security tools
- Must be able to obtain and maintain a US Public Trust clearance
Preferred Qualifications
- Experience with Splunk Common Information Model (CIM) and Enterprise Analytic
- Strong problem-solving abilities with an analytic and qualitative eye for reasoning under pressure.
- Self-starter with the ability to independently prioritize and complete multiple tasks with little to no supervision
- Knowledge of Cloud Services such as AWS, Azure, Office365
- Ability to script in one more of the following computer languages Python, Bash, Visual Basic or Powershell
Experience in automating Splunk Deployments and orchestration with in a Cloud environment