Remote Cribl Engineer - Public Trust or higher Preferred (R-00040)

Please, let True Zero Technologies know you found this job on RemoteYeah. This helps us grow 🌱.

Description:

  • The Cribl Engineer will be part of a team of Engineers maintaining various clients' Cribl and Splunk instances with a heavy emphasis on Cribl pipeline development, parsing, tuning, and content enablement in both Cribl and Splunk.
  • The ideal candidate will have a proven track record in managing and optimizing production environments for these platforms and will hold relevant certifications.
  • Candidates with backgrounds supporting federal customers are preferred.
  • As a TZT consultant, the candidate will receive access to the full knowledge base driven by the True Zero community and the technical backing of the entire PS team.
  • True Zero encourages collaboration and growth through information sharing and knowledge workshops.
  • The candidate will have access to an internal Slack channel to stay connected with the team and the necessary tools to train, demo, test, and grow their professional skills.

Requirements:

  • A minimum of Cribl Certified Admin Certification or commensurate experience is required.
  • A minimum of Splunk Architect Certification or commensurate experience is required.
  • Proven experience in production environments for both Cribl and Splunk hosted in AWS environments is necessary.
  • Strong expertise in data parsing, pipeline development, and tuning within Cribl is essential.
  • A deep understanding of Splunk architecture, data models, and advanced search techniques is required.
  • Expertise in implementing and supporting Splunk Enterprise Security use cases is necessary.
  • The ability to troubleshoot and resolve production issues in both Cribl and Splunk environments is required.
  • Candidates must be able to collaborate with stakeholders to gather requirements and deliver tailored solutions.
  • Experience designing and implementing ground-up Cribl installations is necessary.
  • Experience designing and implementing ground-up distributed Splunk installations, including all Splunk server roles, is required.
  • Experience with advanced configuration of Splunk, including Indexer Clustering and Search Head Clustering, is necessary.
  • Experience developing custom Splunk content, including scheduled searches, reports, and dashboards, is required.
  • Proficiency in data onboarding activities, including custom parsing rules and custom Technology Add-On building according to Splunk's Common Information Model (CIM), is essential.
  • Experience configuring indexes, index routing, and retention policies is required.
  • Candidates must have experience working in Linux and Windows environments and the ability to configure storage subsystems, SELinux, and file permission settings.
  • Excellent written and oral communication skills are required, along with the ability to work closely with multiple customers, manage expectations, and track engagement scope.

Benefits:

  • The position offers a competitive salary, paid twice per month.
  • Best-in-class medical coverage is provided, with 100% of medical premiums covered by True Zero.
  • Company-wide new business incentive programs are available.
  • Contribution incentives, such as white papers, blog posts, and internal webinars, are offered.
  • Employees start with 3 weeks of PTO and receive 11 paid holidays annually.
  • A 401k program with a 100% company match on the first 4% is included.
  • Monthly reimbursement of cell phone and home internet costs is provided.
  • Paternity and maternity leave are available.
  • Investment in training and certifications to broaden and deepen technical skills is encouraged.