Splunk Engineer

IAMUS Consulting - Greenbelt, MD (30+ days ago)

Years of Experience: 14 years

Education Requirements: Bachelor’s degree

Preferred Certifications: Certifications could include:
Splunk Certified Admin
Splunk Certified Power User
Splunk Certified Architect
Splunk Certified Architect II

Position Description: The Splunk Engineer will report to the SOC Director and Deputy Directory and will provide overall engineering and design support for a very large distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles. The Splunk engineer will support the full system engineering life-cycle, including requirements analysis, design, development, integration, test, documentation, and implementation following defined best practices and operational workflows.

The candidate should be familiar with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. The Splunk engineer should be familiar with Windows and Linux environments, editing and maintaining Splunk configuration files and apps.

The Splunk engineer will work with other Cybersecurity Engineering team members and will be required to interact with end users to gather requirements, perform troubleshooting, and provide assistance with the creation of Splunk search queries and dashboards. The Splunk engineer will be required interact with senior management, as necessary.

Designing, engineering, configuring and administering Splunk content
Assisting in the proper operation and performance of Splunk, plug-ins, loggers and connectors
Building Splunk reports
Developing dashboards with visual metrics for stakeholders
Defining strategy and design around data collection, aggregations, and summarization processes
Integrating external data sources into Splunk
Enforcing best practices related to summarizing and querying data
Developing advanced scripts for the manipulation of multiple data repositories to support analyst requirements
Partnering with other enterprise teams to support data capture and advanced data analytics and forecasting efforts to support proactive identification of issues
Providing recommendations and implement changes to optimize Splunk products in the customer environment
Designing the Splunk system solution to meet growth while maintaining a balance between performance, stability, scalability and agility
SIEM content management
Ability to develop use cases, search and reporting scripts
Create, optimize, and continuously evaluate security monitoring content (correlated searches/alerts) on Splunk ES.

Job Requirements:
Set up and configure Splunk search servers, deployment servers, clustered indexers, and forwarders, as required
Configure Splunk integration points and verify functionality in the technical evaluation environment
Document build procedures and customizations to provide inputs to functional and operational requirements
Create custom reports for ingestion to RSA Archer Dashboard
Demonstrate innovative influence for projects
Problems faced are difficult and often complex
Strong understanding of root causes of malware infections and proactive mitigation
Strong understanding of lateral movement and footholds
Strong understanding of data exfiltration techniques. Demonstrated ability in critical thinking, problem solving, and analytics
Enjoy analyzing patterns looking for outliers
Enjoy creating ways to find needles in haystacks
Have real world experience analyzing complex attacks and understand TTPs of threat actors
Define relationships between seemingly unrelated events through deductive reasoning
Experience in network/host based intrusion analysis, malware analysis, forensics, and cyber threat intel
Knowledge of advanced threat actors and complex attacks
Possess excellent writing skills and the ability to communicate to technical and executive level staff
Quick study with new tools
Knowledge and experience with Splunk and other cyber tools

Required/Desired Skills:
Demonstrated 7+ years knowledge and hands-on experience in security with an emphasis in engineering design, system analytics, operations and maintenance of a variety of security technologies used for security defense areas such as: network, storage/back, platforms (Windows/Linux Servers and desktops)
5 years of experience with Splunk, network security, system security, and supporting security information and event management (SIEM)
Demonstrated experience in the implementation of information engineering projects; systems analysis, design and programming using standard tools and methods
Create complex detection and alerting logic and log source onboarding for security focused content in our enterprise Splunk deployment.
Ingest sources include: Networking (Load-Balancers, IPS, Firewalls), Operating Systems (Linux, Windows, UNIX), security tools, infrastructure, and
Engineer, configure, and deploy enterprise SIEM and log management solutions, develop automation for security tools management, and create customized searches and applications using programming and development expertise, including Java, Python, Shell scripting, and regular
Create and optimize Big Data correlations as a Splunk search language (SPL) expert.
Optimize/Tune logging source streams.
Provide guidance and support for existing security analytics.
Develop solution and enterprise best practices for logging and monitoring.
Work directly with cyber security teams to gather functional requirements, develop solutions which meet or exceed the requirements, and support the system.
Promote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required standards and processes.
Leverage knowledge on a number of security technologies to operate and maintain the Splunk log management infrastructure.
Develop advanced reports to meet the requirements of key stakeholders and scalable security management tools and processes.
The candidate must have experience in designing, implementing, and maintaining a fully operating SIEM solution.
Strong technical knowledge of Amazon AWS products and services, such as EC2, BeanStalk, Lambda, VPC, Route53, Amazon FW, API Gateway, ELB, CloudTrail, CloudFront, and etc.
Proficiency in one or more programming/scripting languages - experience with Javascript/Node, Python, Lua, or PowerShell is strongly preferred
Strong knowledge of information security concepts, trends, and practices
Working knowledge of various network and security systems
Familiarity with basic statistics/probability and Big Data analytics techniques such as SVM, logistics regression, Kmeans, and Naives Bayes.
An ability to learn quickly, and a passion for solving technical problems
Superior written and oral English communication skills is essential
Highly developed, process-oriented skills for troubleshooting, problem solving, and problem resolution
Good knowledge of networking concepts
Familiarity with XML and HTML, CSS, XML tasks
Ability to perform shell, Python and PERL scripts
Prior supervisory or technical team lead experience
Knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS)
Deep technical understanding of operating systems, network architecture and design, Active Directory (AD) application log consumables, systems design as well as superior knowledge of technical operations process and procedures
Knowledge of encryption, key management and cryptology
Knowledge with the Risk Management Framework (NIST 800-37), Security Controls as described in NIST 800-35, and the Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines
Practical knowledge of performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation
Experience planning and implementing secure networking practices such as: application segmentation, network segmentation, NAC and other access control testing/validation, updating access control SOPs
Ability to configure and develop an enterprise SIEM solution including signature tuning, development of correlation rules, reports, and alarms
Experience with a variety of web application protocols, web services (components including JavaScript, XML, JSON), scripting capabilities (Power shell, Python) software development frameworks, operating systems, and networking technologies. Understanding of various web application frameworks such as ASP.NET, J2EE
Organizational Skills: Proven ability to plan and prioritize work, both their own and that of project team. Managed teams. Follows tasks to their logical conclusion. Understanding of project management principles and techniques (project plans, critical path, etc.), ability to develop security project plans and work with development teams to integrate those into development schedules - in both waterfall and agile environments.