Splunk Enterprise Security Architect

Axxum Technologies - Chantilly, VA

Full-timeEstimated: $120,000 - $170,000 a year
The Splunk Enterprise Security Application Architect provides expertise and a specialized Splunk related focus on enterprise-level machine data analytics supporting mission critical information systems in a dynamic, fast-paced environment.

More About the Role:
Cyber Security analysis of IT security logs and threat signatures to identify unauthorized behaviors, system attacks/viruses/malware, vulnerabilities, and non-compliant configurations.
Design, implement, and optimize Splunk applications (to include Enterprise Security), queries, knowledge objects, and data models.
Design, implement, optimize, and sustain data feeds, system-to-system integration, and REST application interfaces to Splunk.
Develop custom scripts to facilitate automation, integration, and operational efficiencies.
Identify and collect machine and non-machine data sets.
Identify potential threats and malicious behavior, and develop methods for alerting and monitoring within Splunk.
Develop new dashboards, searches, and alerts to enhance Enterprise Security use cases.
Collaborate with other engineers and analysts to enhance development of actionable business intelligence, troubleshoot performance issues, and combat threats.
Educate management and peers about Splunk-related issues; Maintain compliance with security regulations and guidelines.

You'll Bring These Qualifications:
5 years minimum experience with architecting, engineering, deploying, maintaining, and utilizing Security Incident Event Management (SIEM) applications plus 1 plus years' experience with Splunk Enterprise Security Premium Application and Splunk Enterprise.
1-year minimum experience with Amazon AWS Cloud Services architecture.
1-year minimum experience with Splunk Enterprise Security application development.
Demonstrated expert-level knowledge of Linux systems.
Demonstrated knowledge of Regular Expression, DNS, DHCP, and file storage technologies.
Demonstrated experience with Incident Management business processes (customer experience preferred).
Ability to research and clearly articulate (both verbally and in writing) recommended solutions.
Demonstrated aptitude for analytical thinking, problem solving, and working multiple tasks concurrently.
Exceptional interpersonal skills with the ability to work in a team-oriented collaborative environment.
Bachelor's degree and 8 plus years relevant experience or equivalent
TS SCI with Poly clearance required

Required certifications:
Advanced Splunk certifications
Amazon Web Services (AWS)
MCSE or equivalent
DevOps and Agile experience

These Qualifications Would be Nice to Have:
Experience with Splunk's IT Service Intelligence (ITSI) app
Experience using command-line interfaces, scripting (such as PowerShell) and queries (such as T-SQL)
Task automation via BASH, Python, Rest, Powershell
Demonstrated experience with physical and virtual server architecture and network fundamentals
Knowledge of cyber threat hunting and cyber incident response