Security Platform Engineer - Splunk Enterprise

Security Platform Engineer - Splunk Enterprise

• Engineer, implement and administer SIEM platforms Arcsight, Splunk Enterprise, Splunk Enterprise Security, Splunk UBA, Splunk Phantom in public cloud and on-premise datacenter.
• Analyze, design, build & support Splunk Multi-Cluster Architecture. Maintain the existing Arcsight infrastructure
• Incident & Problem Management, Change & Release Management, Vendor Management and Capacity Management functions for these applications
• Manage Tier 3 production support tasks that cannot be handled by service provider who will provide 24X7 monitoring and maintenance of the platforms.
• Proficiency developing log ingestion and aggregation strategies
• On-board new data sources into Splunk, analyze the data for anomalies and trends and build dashboards highlighting the key trends of the data.
• Monitor log sources to ensure there are no gaps in log collection for a source or from instances within a source
• Perform integration activities to connect with 3rd party software.
• Manage automating Splunk deployments and orchestration within AWS environment.
• Communicate requirements and risks to stakeholders such as Product, Engineering, and Security leadership.
• Work with cross-functional teams to proactively improve on existing integration automation/workflows.
• Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and MSS best practices.
• Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.

• Splunk certifications such as Splunk Certified Developer, Enterprise Security Implementation, Splunk Enterprise Certified Consultant and/or Splunk Enterprise Certified Architect
• Experience implementing, architecting and administering Splunk and Splunk Enterprise Security, Splunk UBA and Splunk Phantom
• Azure/AWS knowledge required with experience preferred in managing Splunk implementation in AWS
• Must have hands on experience in Splunk Enterprise Environment setup and troubleshooting skills
• Must have knowledge on setting up new data feeds into Splunk
• Must be able to Maintain, Manage and Monitor Splunk Infrastructure (Identify bad searches, dashboards and manage overall health of Splunk
• Experience on clustering and load balance Environments setup
• Experience writing Splunk queries in Splunk Programming Language (SPL). Thorough understanding of Splunk processing language, optimization principles, APIs, and SDK.
• Experience developing in XML, Bash, JavaScript and Python, Perl, PowerShell scripts
• Experience with platforms such as Ansible, Puppet and Chef
• Experience with other Information Security solutions including Symantec DLP, ZScaler, Palo Alto, Symantec, Check Point, McAfee, Active directory
• Independent, self-motivated, proactive approach to problem solving and prevention.
• Excellent written and verbal communication skills.
• Passion for the cybersecurity space.
• Broad experience with SOC, NOC and/or MSS operations.

• 7+ years of IT engineering experience in building and managing infrastructure and security platforms
• 3+ years of professional engineering experience with the Splunk platform
• Minimum 1 full lifecycle implementation experience of Splunk Enterprise and Splunk Enterprise Security
• In-depth knowledge of Splunk's multiple deployment options - including on-premise distributed deployments and public cloud
• Expertise with data ingest, data normalization (delivered TAs, custom TAs), search/query design and execution.
• Experience with Splunk component utilization (e.g. Indexer loads and requirements, search head peering, etc), component resourcing (e.g. underlying server specs), inter-component communications and tradeoffs (e.g. DNS vs IP tables, usage of SSL, etc) and underlying platform requirements.
• Expert-level experience with SIEM technologies - implementation, tuning, troubleshooting Splunk and Arcsight
• Expertise in building, deploying, scaling, and troubleshooting the various facets of large scale Splunk clusters and supporting apps.
• 3+ years of DevOps Engineering experience
• 3-5 years of hands on experience with security monitoring tools such as IDP/IDS, FW and AV with a strong understanding of network protocols and network monitoring tools
• Hands-on experience supporting/developing enterprise technology and network infrastructure, including exposure to AWS or other public cloud infrastructure.
• Knowledge of scripting languages such as Python, Perl, bash, etc.
• Experience using Ansible and any flavor of Git.
• At least one of the following certifications: CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX