SENIOR SPLUNK ENGINEER

THE OVERALL PURPOSE OF POSITION:  

• The purpose of this position is to support the design, architecture, build, configuration, implementation and operations support as well as establish the useable Splunk solution. The candidate will support Splunk ES installation and configurations while building automation activities. This position will work closely with the Technical Architecture and Operations teams and reports to the Security Architect and the Project Manager.  

SCOPE OF WORK  

• Working in a collaborative and information-centered environment, the Senior Splunk Engineer will assist with on-going cybersecurity activities including, but not limited to:   

• Identification of business-critical systems within Client infrastructure   

• Identification of all systems within the Client infrastructure.   

• Percent known and previously unknown   

• Identification of current coverage (percentage) of business-critical systems with Splunk Forwarders   

• Develop plan of action to provide more comprehensive coverage   

• Identify required integrations (e.g., Nessus/SecurityCenter, ServiceNow, PaloAlto)   

• Make recommendations for additional optional integrations   

• Identify current volume of audit data coming from business-critical systems   

• Assess gap in current indexing capability   

• Develop index clustering strategy   

• Assess current needs for search head deployment   

• Develop search head clustering strategy   

• Identify user community and required roles   

• Expand forwarder coverage to include non-critical endpoints and systems   

• Identify potential free Splunk apps that provide basic security intelligence and limited view of compliance   

• Identify potential dashboarding opportunities - simple to generate requirements for more complex alternatives or premium   

• Expand forwarder coverage to include non-critical endpoints and systems   

• Identify potential free Splunk apps that provide basic security intelligence and limited view of compliance   

• Identify potential dashboarding opportunities - simple to generate requirements for more complex alternatives or premium apps   

• Perform integrations with existing business and security applications as requested   

• Identify gaps to deploying Splunk ES and other premium applications   

• Identify opportunities for new dashboards and/or potential Splunk application development   

• Threat intelligence ingest (free sources, initially)   

• Investigate appetite for full security architecture assessment  

• Other IT security support  

Client CORE COMPETENCIES   

• Forward Thinking: The ability to anticipate the implications and consequences of situations and take appropriate action to be prepared for possible contingencies   

• Thinks Critically: The ability to approach one's work analytically by identifying issues/questions, gathering and evaluating data, and creating evidence-based recommendations or solutions   

• Embraces Innovation & Change: The ability to respond positively to change and demonstrate flexibility, and openness to new ways of thinking and doing things   

• Communicates Openly & Effectively: The ability to effectively communicate in multiple modes and in a way that fosters understanding and dialogue, as well as engages with others in a way that demonstrates emotional intelligence   

• Performance Focused: The ability to take ownership for one's own or one's employees' performance, by setting clear goals and expectations, tracking progress against the goals, providing feedback, and addressing performance problems and issues promptly   

• Applies Customer Lens: The ability to provide the best service to customers (internal and external) with the goal of exceeding their expectations while maintaining integrity   

• Develops Self & Others: The ability to identify, learn, and apply new skills or habits as needed to perform successfully on the job.   

• Fosters Collaboration: The ability to look beyond immediate teams, broaden peer networks, and finding ways to partner with internal and external stakeholders in order to achieve success.  

QUALIFICATIONS AND EXPERIENCE:  

• Experience with storage technologies, platform administration on Linux and Windows and experience with many of today's security tool sets (IPS/IDS, AV, Firewalls, Switches, etc.)  

• Preparing and delivering information in a concise, professionally written format  

• Preparing documentation on systems, processes or procedures, including network and workflow documents  

• Preparing and presenting information on staff in a formal and informal setting   

• Working in teams, task forces, etc.   

• Developing and/or creating new or more effective ideas, approaches   

• Analyzing and developing solutions to problems   

• Providing technical support   

• Providing outstanding customer service   

• Developing and maintaining positive customer rapport   

• Excellent interpersonal and communications skills   

• Ability to life 15-25 pounds   

EDUCATION   

• Bachelor’s degree and/or relevant technical training with certification.   

LENGTH OF EXPERIENCE  

• The minimum amount of total work-related experience required is five (5) years, for the position. This means experience in a related area or time spent performing similar work that provides the background for the current position.