Remote Splunk Engineer - Consultant Certified/Heavy ES Experience Required (R-00028)


Description:

  • The Splunk Engineer will be part of a team maintaining various clients' Splunk instances, with a focus on data onboarding, content development, reporting, and visualizations.
  • Candidates must have prior Splunk engineering and administration experience and meet certification prerequisites.
  • Experience supporting federal customers is a plus.
  • The role includes developing and implementing actionable alerts and workflows for Splunk as a SIEM tool.
  • Responsibilities also include developing and implementing apps and knowledge objects like dashboards, reports, and data models.
  • The engineer will work with the Splunk Architect/Admin to promote private knowledge objects to global knowledge objects.
  • The position involves assisting and training the CISO Splunk Engineering team on data lifecycle and hosting workshops for CISO teams and analysts on searching and content development.
  • The engineer will develop automation to improve the efficiency of CISO workflows using Splunk and assist in developing advanced security use cases.
  • Responsibilities include developing risk rules and incident rules to alert on significant cyber events and creating custom dashboards for risk-based alerting.
  • The role requires configuring incident response and remediation workflows for notable events and developing custom machine learning models for anomaly detection.
  • The engineer will collaborate with stakeholders to implement and maintain event logging from various systems and understand network protocols, operating systems, applications, and device event telemetry.

Requirements:

  • A US background check is required for this position.
  • Candidates must possess a Splunk Consultant Certification.
  • Heavy experience with Splunk ES is necessary.
  • Experience with Risk-Based Alerting (RBA) is required.
  • Candidates should have the ability to develop and implement actionable alerts and workflows for Splunk as a SIEM tool.
  • Experience in developing and implementing apps and knowledge objects like dashboards and reports is essential.
  • The candidate must be able to work with the Splunk Architect/Admin to promote private knowledge objects to global knowledge objects.
  • The role requires the ability to assist and train the CISO Splunk Engineering team on data lifecycle.
  • Candidates should be capable of supporting and hosting workshops for CISO teams and analysts on searching and content development.
  • The engineer must have experience in developing automation to improve CISO workflows using Splunk.
  • The ability to develop risk rules and incident rules for significant cyber events is required.
  • Candidates should be able to create custom dashboards for risk-based alerting and configure incident response workflows.
  • Experience in developing custom machine learning models for anomaly detection is necessary.
  • The candidate must understand network protocols, operating systems, applications, and device event telemetry.

Benefits:

  • The position offers a competitive salary, paid twice per month.
  • Employees receive best-in-class medical coverage with 100% of medical premiums covered by True Zero.
  • There are company-wide new business incentive programs and contribution incentives for white papers, blog posts, and internal webinars.
  • Employees start with 3 weeks of PTO and receive 11 paid holidays annually.
  • A 401k program is available with a 100% company match on the first 4%.
  • Monthly reimbursement for cell phone and home internet costs is provided.
  • Paternity and maternity leave are offered.
  • True Zero invests in training and certifications to help employees broaden and deepen their technical skills.