Job Description
Position: Splunk Security Engineer
Location : MD, Gwynn Oak, Onsite
Need USC Candidate only
Please do not send any resumes longer than 5 pages
In order to comply with federal government regulations, candidates must be able to obtain a public trust clearance.
Need DL and passport copy at time of submission.
Candidates will be developing custom detection content (correlation rules) to identify threat activity. This includes developing notable events, visualizations, forms, reports, alerts, as well as Splunk Apps, Technology Add-ons, and normalize data sources to the Common Information Model. The candidate will provide optimization of data flow using aggregation, filters, etc. The Splunk Engineer will provide overall engineering, and administration in supporting a very large distributed clustered Splunk environment consisting of search heads, indexers, deployers, deployment servers, heavy/universal forwarders and Splunk Enterprise Security app, spanning security, performance, and operational roles. The Engineer should be proficient with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. The Splunk engineer should be proficient within a Linux environment, editing and maintaining Splunk configuration files and apps.
Duties and Responsibilities:
•Alert use case development
•Upgrade Splunk apps required by Splunk ES upgrades
•Splunk Enterprise Security administration and management
•Configure notable event actions, action menus and Adaptive Responses
•Data onboarding and data ingestion normalization recommendations
•Strong knowledge of security risk procedures, security patterns, authentication technologies and security attack pathologies
•Develop, evaluate, and document, specific metrics for management purpose
•Write complex code to install and manage the Splunk enterprise development
•Performing maintenance and optimization of existing clustered Splunk deployments
•Create Dashboards to monitor the traffic volumes, response times, errors, and warnings across various data centers
•Monitor the web portals, log files and databases
•Provide debugging and monitoring capabilities
•Design and Develop Splunk for routine use
•Solve complex Integration challenges and debug complex configuration issues
•Consult with stakeholders to establish, maintain and refresh their strategic direction in cloud adoption
•Become knowledgeable on the CDM technical requirements for the federal government’s CDM program. Understand your role in CDM activities
•Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access
•Design, manage, and maintain enterprise SIEM infrastructure to improve data ingestion processes, including architectural work on data pipelines to ensure optimal flow of data
•Maintenance, configuration and implementing products, appliances and devices on the enterprise network
Basic Qualifications:
•Bachelor’s degree and 7 years of experience, Master’s degree and 5 years of experience, or 11 years of experience in lieu of a degree
•At least 4 years’ experience using customer-focused Splunk Enterprise Security SIEM engineering background – SME knowledge of ES v4.7
•At least 4 years’ experience in a senior Splunk role working in a Splunk clustered environment supporting SOC or NOC environments
•At least 4 years of experience with:
o In-depth knowledge of designing, upgrading, maintaining and implementing network devices on a large-scale enterprise
o Direct experience with Splunk Engineering and data integration
o Prior SIEM data modeling experience on similar platform at scale (>50 servers)
o Scripting and development skills in Python/Perl with deep comprehension of regular expressions
•At least 3 years of experience with Linux and SQL/ODBC interfaces
•At least 2 years of experience in app interface development, using REST API’s
•Hold active Splunk Core Certifications of at least Splunk Architect
•Minimum of 3 year of experience in developing and tailoring reporting from network security tools.