- Splunk Engineer SME with 5-10 years of experience as a Splunk Engineer with security focus.
- Extensive experience with configuring and tuning Splunk base and Splunk ES in a large enterprise environment.
- Solutions may be cloud-based or remotely managed on-premises deployments.
- Able to work with clients to maximize Splunk value and effectiveness.
- Experience with correlation rules for creating security alerts.
- Capable of leveraging Splunk capabilities in support of SOC process flows.
- Experience tuning Splunk for efficiencies in a high-capacity environment.
- The role is expected to contribute to documentation and adhere to SLA targets and requirements.
- The daily duties include hands-on troubleshooting, interfacing with clients and associates as needed to resolve complex cases, and maintaining and patching managed security platforms.
- Preferred background includes Splunk architecture design, implementation, configuration and tuning.
Top Technical Skills required:
• Splunk/Splunk ES
• Data ingestion knowledge
Provide direct technical support including:
• Support security team leveraging Splunk as a security tool
• Assist customers with Splunk deployments and tuning
• Analyze and recommend improvements to existing Splunk environments
• Help plan, architect, and execute Splunk upgrades
• Familiarity with the configuration file options that are not available through the GUI
• A sophisticated understanding of Splunk “Search” language
• A deep understanding of Splunk Dashboards, Reports, Lookup Tables, and Summary Indexes
• Tune notable alerts to meet customer needs and mission objectives
• Basic troubleshooting on the full range of Fortinet products
• Collection and analysis of configuration information, with change recommendations
• Collection and analysis of customer network information
• Collection and initial analysis of packet trace information
• Recommend corrective actions based on analysis
• Provide customer education where needed to address gaps in networking or product knowledge
• Consultation of technical documentation, bulletins and release notes for known problems
• Reproduction of customer environments on lab equipment
• Follow up on technical cases including proper escalation and management of the case
• Manage customer communications and expectations until the closure of each case
Education and Experience:
• US Citizen required
• BS preferred in computer science, information systems, or information assurance, or equivalent work experience
• 5-10 years of experience as Splunk Engineer with security focus
• Splunk certifications strongly desired
• Industry certifications such as GSEC, CISM, CISSP, etc.
• Bash and Python scripting
• Strong verbal and written English communications skills required