Vacancy expired!
- Administer Splunk Enterprise Security.
- Support and maintain complete logging infrastructure such as log storage, syslog and Windows Event Collector servers, and database connections.
- Troubleshoot Splunk server and forwarder issues.
- Tune search and indexer performance.
- Create and manage Splunk knowledge objects (field extractions, macros, event types, etc.).
- On-board new data sources into Splunk, analyze the data for anomalies and trends, and build dashboards highlighting key trends.
- Perform data mining and analysis, utilizing various queries and reporting methods.
- Monitor and troubleshoot existing inputs (file monitoring, HTTP, modular).
- Map customer data to the Splunk Common Information Model (CIM).
- Implement KV stores, lookups, and data model acceleration to optimize search performance and reporting.
- Build and integrate contextual data into notable events.
- Perform requirements gathering.
- Develop security use cases within Splunk Enterprise Security for SOC consumption.
- Mentor users and other groups on their use of Splunk.
- Perform technical writing and creation of formal documentation such as architecture diagrams, technical designs and SOPs.
- Monitor the agent and server infrastructure for capacity planning and optimization.
- Monitor license consumption and make recommendations based on trends in license usage.
- Experience deploying applications within Splunk or administrating the Splunk platform.
- Experience with data normalization and data modeling within the Splunk environment.
- Knowledge of Splunk architecture and best practices.
- Expertise with Linux and command-line interface.
- Understand methods of collection, logging, Windows filtering, and tuning/baselining data.
- Intermediate level understanding of Solaris, Linux, and Windows operating systems and Oracle/MSSQL databases.
- Experience working with security technologies to include endpoint security tools, boundary protection technologies, network security tools, and vulnerability management technologies.
- Experience with the development of documentation, architecture diagrams, and process and procedures for end users.
- Experience with Regular Expressions (regex).
- Knowledge of advanced search and reporting commands.
- Knowledge of network technology and common Internet protocols.
- Understanding of system log files and other structured and non-structured data.
- Splunk Certified Administrator certification.
- Splunk User and Power User certification.
- Splunk Architect certification is highly desired.
- Bachelor’s degree and 5 years of related Information Security experience; or
- Master’s degree and three years of related experience.
- All candidates for consideration must be eligible to obtain a Public Trust.