Full Time

Splunk (SIEM) Engineer

Posted 7 months ago

Job Description

Key Responsibilities:

  • Act as a Splunk Enterprise Subject Matter Expert
  • Architect, design, support, and maintain a high-availability, distributed, multi-clustered and multi-tenant Splunk deployment
  • Maintain strategic Splunk architectural development roadmap
  • Responsible for Splunk deployment and server infrastructure analysis, optimization, and capacity planning
  • Responsible for onboarding and maintaining a wide variety of data sources, including various OS, appliance, and application logs
  • Support Splunk on Unix, Linux, and Windows-based platforms
  • Perform data mining and analysis, using various query and reporting methods
  • Solve/troubleshoot complex integration challenges and configuration issues
  • Create advanced searches, dashboards, visualizations
  • Manage Splunk knowledge objects
  • Technical writing: creation of formal documentation such as architecture diagrams, technical designs, and SOPs

Skills Required:

  • Very good knowledge of setting up and managing an enterprise-wide Security Incident and Event Management (SIEM) based on Splunk Enterprise
  • Good knowledge of virtual environments based on VMware infrastructure
  • Demonstrated experience in using API for data ingestion and tools integration
  • Demonstrated experience in Linux/UNIX Systems administration, preferably with RedHat
  • Strong knowledge of the Python scripting language
  • Understanding of service delivery management and service lifecycle
  • Key skills: good level of Splunk (using and administering), Python, understanding the structure of network device logs, VMware infrastructure, strong understanding of the TCP/IP stack
  • Education: University Degree or extensive experience working in a Security Operations environment