Global Cyber Defense Splunk Engineer – Content
Cyber Security Cyber Risk Posted: 08-Jun-2022
- Alexandria, Virginia, United States
- Arlington, Virginia, United States
- Atlanta, Georgia, United States
- Austin, Texas, United States
- Baltimore, Maryland, United States
- Charlotte, North Carolina, United States
- Cincinnati, Ohio, United States
- Cleveland, Ohio, United States
- Columbus, Ohio, United States
- Dallas, Texas, United States
- Detroit, Michigan, United States
- Hermitage, Tennessee, United States
- Houston, Texas, United States
- Kansas City, Missouri, United States
- McLean, Virginia, United States
- Miami, Florida, United States
- Nashville, Tennessee, United States
- Pittsburgh, Pennsylvania, United States
- Raleigh, North Carolina, United States
- Rosslyn, Virginia, United States
- San Antonio, Texas, United States
- Tampa, Florida, United States
- Washington DC, Virginia, United States
Work you'll do
The successful candidate will provide ongoing engineering of the current Splunk infrastructure as well as the migration/implementation of Splunk products in a global multi-data center environment. This role also requires a forward-thinking consultative approach and a high degree of collaboration with the Splunk architect and customer Infrastructure teams.
The GEMS Engineer works closely with team leadership to ensure integration of operations and maintenance to team standards. He/she will have experience in content development, log source onboarding, and/or maintenance of Splunk and Splunk ES. He/she exhibits a high service attitude and operations discipline to deliver a 24x7, highly available and highly performing, production application.
Responsibilities:
- Partner with development and operations teams to develop practical automation solutions and custom modules.
- Create, optimize, and continuously evaluate security monitoring content (correlated searches/alerts) on Splunk Enterprise Security.
- Implement/maintain data normalization methods based on requirements provided by stakeholders/leadership.
- Clearly document and diagram deployment-specific aspects of architectures and environments, working closely with various teams to create application runbooks, playbooks, and knowledge base documents.
- Troubleshoot issues in production and other environments, applying debugging and problem-solving techniques (e.g., log analysis, non-invasive tests).
- After hours on-call support occasionally required.
Qualifications:
Required:
- 2+ years of Splunk security content development experience
- 1+ years of Splunk engineering experience
- Strong understanding of Splunk Enterprise Security
- Strong understanding of Cloud Services – Azure, AWS
- Strong understanding of Splunk data models and CIM validation
- Experience working with a strict change control process utilizing tools such as Azure DevOps
- Knowledge of security tools, networking, firewalls, load balancers etc.
- Knowledge of best practices for IT operations in an always-on, always-available service model
- Good communication skills and the ability to communicate appropriately with technical teams.
- Good influencing and reasoning skills; good at conflict resolution and consensus building.
Education and experience:
- Bachelor’s degree in Computer Science, Computer Engineering, Finance, Mathematics, Business Information Systems or other bachelor’s degree combined with relevant experience and accomplishments.
- One or more of the following: Splunk Certified Admin, Splunk Certified Architect, Splunk Certified Consultant
Preferred:
- Experience working in a large global organization
- Universal/Heavy Forwarder configuration experience, including encryption and compression settings
- A solid understanding of Windows and Linux administration utilizing Command Line Interface (CLI)