Remote Splunk Engineer - Consultant Certified / ES Accreditation Required (R-00059)

Please, let True Zero Technologies know you found this job on RemoteYeah. This helps us grow 🌱.

Description:

  • The Splunk Engineer will be part of a team maintaining various clients' Splunk instances with a focus on data onboarding, content development, reporting, and visualizations.
  • Candidates must have prior Splunk engineering and administration experience and meet certification prerequisites.
  • Experience supporting federal customers is a plus.
  • The role includes access to a comprehensive knowledge base and technical support from the True Zero community and PS team.
  • Collaboration and growth are encouraged through information sharing and knowledge workshops.
  • Candidates will have access to an internal Slack channel and necessary tools for training, demos, testing, and professional skill development.

Requirements:

  • A US background check is required for this position.
  • Candidates must possess a Splunk Consultant Certification.
  • Heavy experience with Splunk ES is required.
  • Experience ingesting logs into Splunk via Cribl is mandatory.
  • Familiarity with Risk-Based Alerting (RBA) is necessary.
  • Candidates should be able to develop and implement actionable alerts and workflows for Splunk as a SIEM tool.
  • Experience in developing and implementing apps and knowledge objects such as dashboards, reports, and data models is required.
  • Candidates will work with the Splunk Architect/Admin to promote private knowledge objects to global knowledge objects.
  • The role involves assisting and/or training the CISO Splunk Engineering team on data lifecycle management.
  • Candidates should support, train, and/or host workshops for CISO teams and analysts on searching and content development.
  • Development and implementation of automation to improve CISO workflows using Splunk is expected.
  • Candidates will assist in developing advanced security use cases in Splunk.
  • Development of risk rules and incident rules to correlate and alert on significant cyber events is required.
  • Custom dashboards specific to RBA must be developed to highlight risk details and health analysis.
  • Configuration of incident response and remediation workflows for ES around notable events is necessary.
  • Candidates should develop custom machine learning models to support anomaly detection-based alerting.
  • Understanding of network protocols, operating systems, applications, and device event telemetry is essential.

Benefits:

  • The position offers a competitive salary, paid twice per month.
  • Employees receive best-in-class medical coverage, with 100% of medical premiums covered by True Zero.
  • There are company-wide new business incentive programs and contribution incentives for activities like white papers and internal webinars.
  • Employees start with 3 weeks of PTO and receive 11 paid holidays annually.
  • A 401k program is available with a 100% company match on the first 4%.
  • Monthly reimbursement for cell phone and home internet costs is provided.
  • Paternity and maternity leave are included in the benefits package.
  • True Zero invests in training and certifications to help employees broaden and deepen their technical skills.