Security Engineer - Splunk

Canada ● United States Req #155
Thursday, April 4, 2024

About the Company

Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients' cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India.

Role Summary

As a subject matter expert, the security engineer is accountable for administering and maintaining the client's Splunk infrastructure. The engineer is responsible for ensuring the successful deployment of the system, overseeing process improvements, and driving the implementation of new capabilities. In close collaboration with the Cyderes team at multiple levels, the security engineer aligns business and IT objectives, identifies security and operational pain points, and offers recommendations. The engineer also recognizes both current and future IT security needs.

Responsibilities:

  • Administration and maintenance of the Splunk Cloud and Splunk On-Prem platforms.
  • Provide expert support for Splunk during business and non-business hours.
  • Conduct system health checks for Splunk and provide recommendations on performance improvements.
  • Assist customers with their requests, including configuring log sources, installing apps, parsing data, developing use cases, and troubleshooting complex issues.
  • Responsible for patching, updating, and upgrading Splunk and ensuring that changes and client requests follow Cyderes' standard change management process.
  • Monitor and tune Splunk to optimize system performance.
  • Manage Splunk knowledge objects (apps, dashboards, saved searches, scheduled searches, alerts).
  • Administer Splunk servers from the command line and work with configuration files (Ansible automation, Python, CentOS 7, RHEL 7).
  • Develop custom Splunk apps to meet customer needs in a variety of domains: IT Security, Financial, IT ops, Human Resources, Physical Security, etc.
  • Generate supporting documentation (build books) on Splunk solutions, including logical diagrams and custom configurations, for use by our managed services group and clients.
  • Maintain strong technical understanding and proficiency in Splunk and associated technologies, such as ES/UBA/Edge Processor configuration.
  • Develop technical solutions to automate repeatable tasks.
  • Perform root cause analysis for incidents and provide solutions.
  • Open, follow up on, and resolve customer requests with third-party vendors.
  • Interact with customers and technical service leads to understand their business challenges and desired outcomes.
  • Support on-call rotation to assist customer priority requests during business hours, non-business hours and public holidays.

Desired Skills and Experience

  • College diploma or university degree in Information Security, relevant up-to-date security certifications, and/or equivalent work experience
  • 5+ years of experience with Splunk Core and Splunk Enterprise Security Administration
  • Certification as a Splunk Architect and Splunk Enterprise Security Certified Administrator
  • Strong background in designing, deploying, and maintaining Splunk Core and Enterprise Security on RHEL in a large, distributed environment.
  • Understanding of Splunk knowledge objects and engineering skills
  • Experience with Splunk Search Processing Language
  • Experience with Splunk dashboards and Splunk knowledge object creation (e.g. fields, lookups, macros, etc.)
  • Proficient knowledge and experience with data collection, data parsing, and data normalization
  • Strong understanding of IT Security concepts, best practices, and market direction
  • Proficient in Linux configuration and common administration tasks
  • Expertise in enterprise logging with a focus on security event logging
  • Understanding of regular expressions and query languages
  • Practical experience administering Linux infrastructure, specifically log collectors or other syslog technology deployed for third-party/non-Microsoft log ingestion
  • Some knowledge of other SIEM platforms, such as Sentinel, QRadar or Chronicle

Other details

  • Pay Type: Salary
  • Locations:
  • Canada
  • United States