Splunk Content Developer

Job Description

Job Description

Kinzo Staffing is seeking a Splunk Enterprise Security Engineer who can develop custom detection content (correlation rules) identify threat activity. This includes developing notable events, visualizations, forms, reports, alerts, as well as Splunk Apps, Technology Add-ons, and normalize data sources to the Common Information Model. The candidate will provide optimization of data flow using aggregation, filters, etc. The Splunk Engineer will provide overall engineering, and administration in supporting a very large distributed clustered Splunk environment consisting of search heads, indexers, deployers, deployment servers, heavy / universal forwarders and Splunk Enterprise Security app, spanning security, performance, and operational roles. The Engineer should be proficient with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. The Splunk engineer should be proficient within a Linux environment, editing and maintaining Splunk configuration files and apps.

What you will do :

• Alert use case development
• Upgrade Splunk apps required by Splunk ES upgrades.
• Splunk Enterprise Security administration and management.
• Configure notable event actions, action menus and Adaptive Responses.
• Data onboarding and data ingestion normalization recommendations.
• Strong knowledge of security risk procedures, security patterns, authentication technologies and security attack pathologies.
• Develop, evaluate, and document, specific metrics for management purpose.
• Write complex code to install and manage the Splunk enterprise development.
• Performing maintenance and optimization of existing clustered Splunk deployments.
• Create Dashboards to monitor the traffic volumes, response times, errors, and warnings across various data centers.
• Monitor the web portals, log files and databases.
• Provide debugging and monitoring capabilities.
• Design and Develop Splunk for routine use.
• Solve complex Integration challenges and debug complex configuration issues.
• Consult with stakeholders to establish, maintain and refresh their strategic direction in cloud adoption.
• Become knowledgeable on the CDM technical requirements for the federal government’s CDM program. Understand your role in CDM activities.
• Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
• Design, manage, and maintain enterprise SIEM infrastructure to improve data ingestion processes, including architectural work on data pipelines to ensure optimal flow of data.
• Maintenance, configuration and implementing products, appliances and devices on the enterprise network.

Qualifications : Required Qualifications :

50 servers)

Preferred Qualifications :