Splunk Engineers | On-Site, Remote & Hybrid | Multiple Levels

Zivaro Inc
Denver, CO, US
Remote
Full-time

Job Description

JOB SUMMARY :

Seeking multiple Splunk Engineers to join Zivaro’s team. Our team supports both Federal and State customers in their efforts to develop and maintain a Splunk environment.

While much of this role may be conducted remotely, some positions / programs require travel to customer sites and / or a government security clearance (Secret, Top Secret, TS / SCI + Poly).

POSITION RESPONSIBILITIES : Roles may include some or all of the following

  • Manage multiple assignments, changing priorities, and work independently with little oversight
  • Build, implement, and administer Splunk in Linux and Windows environments
  • Work with existing and custom Splunk applications and add-ons to fulfill customer needs
  • Provide overall engineering and design support for a distributed Splunk environment
  • Edit and maintain Splunk configuration files and apps
  • Troubleshoot Splunk configuration settings needed to ensure proper operation of Splunk
  • Perform API integrations with other 3rd party vendor software
  • Able to create, modify, update, and maintain Python and PowerShell scripts
  • Onboard data to Splunk
  • Normalize security event data and apply practices that provide ES with data enrichment and Common Information Model (CIM) compliance.
  • Provide assistance for detailed view of notable events, workbook for open investigations, and risk analysis scoring system.
  • Recommend actions in security operations center tier I and tier II incident response incidents.
  • Tune ES performance by creating and editing searches to modify and reduce the number of notables and to remove low-value searches.
  • Configuration of correlation searches, dashboard searches, risk modifiers, threat intelligence feeds, workflow actions and Enterprise Security content.
  • Automate issue resolution and compliance reporting to lower time on detection and time on mitigation for security organizations.
  • Integrate Splunk Mission Control, Splunk Security Orchestration, Automation and Response (SOAR), and / or other customer approved security product applications utilizing Enterprise Security.
  • Utilize data thresholds, trend-based conditions and behavioral pattern recognition.
  • Enterprise Security (ES) to support tier I alerting, investigations, and O&M of the SIEM.
  • Support hunt missions (tier II) and Defensive Cyber Operations (DCO) (tier III) as needed
  • Provide best business practices and recommendations in contribution to customers' security strategy and SOC policies.
  • Design resiliency using ITSI; build out an ITSI application and implement the design to run ITSI at multiple locations and have one location have overall oversight.
  • Data onboarding, data normalization and day-to-day maintenance of Splunk platform.

QUALIFICATIONS : Roles may require some or all of the following

  • Splunk Enterprise Architect certification
  • Splunk Core Consultant Certification
  • Splunk Enterprise Security Certification
  • Splunk IT Service Intelligence Certified Admin - ITSI
  • Working knowledge of SOAP / REST APIs, JSON, HTML / CSS, JavaScript, and XML
  • Authored SOPs, playbooks, work instructions and / or other process documents
  • CISSP or Security Plus credentials
  • Experience with Python development
  • Experience working in Splunk Cloud environment
  • Willing to direct and guide junior consultants on the team
  • Data onboarding, visualizations, and use case tuning
  • Background in Linux, Python, networking, high level troubleshooting skills

YEARS OF EXPERIENCE : Minimum 3+ years of experience with Splunk

SECURITY CLEARANCE : Varies, from no clearance to TS / SCI + Poly

EDUCATION : Bachelor’s degree in related field, or equivalent experience preferred

BENEFITS :

Benefit offerings include medical, dental, vision, life insurance, disability, flexible spending accounts, paid holidays, flexible PTO program, 401k program.

Come join a Top Places to Work organization!!!

U.S. Citizenship is required for all positions at Zivaro, due to security clearance and government / federal contracts held by Zivaro.

EEO STATEMENT

ZIVARO fully subscribes to the principles of Equal Employment Opportunity. It is our policy to provide employment, compensation and other benefits related to employment based on qualifications, without regard to race, color, religion, national origin, age, sex, veteran status, disability, sexual orientation, gender identity or any other basis prohibited by federal, state or local law.

In accordance with requirements of the Americans with Disabilities Act, it is our policy to provide reasonable accommodation upon request during the application process to eligible applicants in order that they may be given a full and fair opportunity to be considered for employment.

As an Equal Opportunity Employer, we intend to comply fully with applicable federal and state employment laws and the information requested on this application will only be used for purposes consistent with those laws.

30+ days ago