19 Sep
Splunk Engineer
Vacancy expired!
- Act as a Splunk Subject Matter Expert
- Provides installation, configuration, maintenance, and ongoing operations support to the SIEM toolset (e.g., Splunk)
- Serves as the primary party responsible for day-to-day operations of the SIEM and as the escalation point identifying potential information security incidents that require log analysis/correlation
- Expert on SIEM day to day operation, configuration at EXIM and how it is implemented and managed on a daily basis including:
- license management,
- indexers and search heads
- configuration management
- monitoring
- log ingestion into Splunk
- Serves as an administrator for SIEM (who has logins, what they can do with logins)
- Must have hands-on experience and knowledge to configure SIEM tools with Windows, Office 365, AWS, Windows Azure, Linux, Oracle, IBM, Cisco Gear (routers, switches, firepower etc.) and Palo Alto Firewalls.
- Expert on Splunk Enterprise Security Module including:
- Enterprise Security event processing and normalization
- Deployment requirements
- Technology add-ons
- Risk analysis settings
- Threat intelligence and protocol intelligence configuration
- Customizations
- Must be able to resolve issues and enhance SIEM functionalities as per customer’s requirements.
- Manage and monitor SIEM operations and resolve operational issues with appropriate staff
- Ensure the SIEM tool running properly
- Manage resource utilization monitoring (storage, CPU)
- Responsible for incident resolution, configuration, tool deployments and advanced content development
- Designs, deploys, tests, troubleshoots, and maintains the Enterprise SIEM Environment including configuration issues, deployment problems, and role-based accesses across an enterprise environment including Windows, Linux, virtual environments (VMware) and cloud (Azure, O365, AWS)
- Onboard advanced data sources, create new custom parsers, architecture assessment, and design reviews
- Expert on the use of SIEM to monitor security, creating dashboards and security reports.
- Create artifacts for Auditors and participate in 'investigation' projects that require log analysis/correlation.
- Run 'anomaly' process when anomalies are detected.
- Help define, implement and monitor key risk indicators and key performance indicators (KRIs/KPIs)
- Review and critique system security plans, network diagrams, and other security documentation as part of vulnerability engagements
- Develop, tune, and maintain automation of SIEM reporting for network-based, host-based and log-based security event analysis
- Coordinate with Application owners to leverage application level log review
- Manage reporting, customer meetings and project tasks within given deadlines by displaying exceptional time management skills
- 5+ years of information security engineering and operations including: security operations, incident analysis, incident handling, and vulnerability management or testing, log analysis, intrusion detection
- 5+ years designing and supporting a complex Splunk environment
- Bachelor’s degree in Computer Science, Information Technology, or related degree; experience may be substitute
- Proficient operating within a Linux environment and maintaining Splunk configurations files and apps
- Demonstrate the ability to create complex dashboards and visualizations according to customer requirements
- Understanding of FISMA, NIST, FISCAM and FICAM policies
- Experience with the following technologies desired: Nessus, Qualys, IDS/IPS, network- and host-based firewalls, data leakage protection (DLP), User and Network Behavior Analytics, End Point Solutions, and third-party monitoring tools such as Zabbix
- Works well both in a team environment and independently in a dynamic fast paced environment
- Excellent interpersonal and organization skills
- Excellent oral and written communication skills
- Splunk Enterprise Certified Admin (Preferred or obtained within 9 months of hire)
- Splunk Enterprise Security Certified Admin (Preferred)
Vacancy expired!