The Splunk Engineer joins an experienced team of Cybersecurity experts for project engagements in and around the Washington, D.C. area. This position requires data analytics skills while incorporating network, system and wireless security experience to solve complex problems and continuing to promote growth and development.
• Leverage the full utility of Splunk technology in order to monitor cyber security, protect IT infrastructure, and enable rapid containment and resolution to IT security incidents
• Provide administration, maintenance and technical support of the Splunk products within the enterprise
• Design, support and maintain the Splunk infrastructure in a High Availability configuration (Splunk clusters)
• Participate as an escalation point for operations support for Splunk. Monitor the Splunk infrastructure for capacity planning and optimization.
• Troubleshoot technical issues to establish the root cause of problems and form a solution or workaround as necessary
• Reproduce customer issues and if necessary file bug reports, escalate cases to engineering, and provide necessary documentation
• Provide and maintain documentation of the Splunk environment as it evolves within the enterprise
• Design and generate data parsers as necessary to optimize ingestion of data from a wide variety of devices including servers, firewalls, IDS/IPS, VA appliances, etc.
• Standardize Splunk forwarder deployment, configuration and maintenance across UNIX/Linux and Windows platforms
• Design and generate custom user interfaces using Splunk Search Processing Language (SPL) queries, reports and dashboards
• Gather customer requirements for new reporting requests and data queries from users
Knowledge and skills:
• Ability to listen and collaborate with audiences ranging from IT administrators to executive level stakeholders to help craft SIEM solutions
• Ability to set goals and work independently.
• Ability to work under time pressure and deadlines.
• Excellent organizational and time management skills.
• Excellent oral and written communications skills
• Strong problem solving abilities
• Proficient in the English language.
• Proficient in the MS Office suite of products, including but not limited to Word, Excel, PowerPoint, Visio, etc.
Education and work experience:
• Bachelor’s degree in Computer Science, Engineering, Management Information Systems, Cybersecurity or a related Math or Science discipline preferred or equivalent combination of education and experience.
• 2+ years of experience with Splunk
• Experience writing advanced Splunk searches to perform data correlations, identify trends, locate anomalous and suspicious activity, detect malicious behavior and find other notable events
• Experience creating reports, scheduled searches, alerts, forms and dashboards to satisfy data requests and present Splunk information to a wide range of technical audiences including general users, system administrators, Security Operations Center (SOC) technicians, and senior management
• Experience configuring Splunk inputs, performing field extractions, data management, knowledge object creation, and validating existing data is parsed correctly.
• Experience using Splunk to integrate with and automate existing processes and data-driven tasks
• Experience with multiple sources of system data including firewalls, proxies, routers, IDS/IPS, databases, Windows OS and custom appliances such as Citrix, McAfee, Blue Coat, Syslog.
• Experience with a programming language such as Perl, Java, Python, C/C++/C#, Ruby, SQL
• Experience writing regular expressions