Splunk Engineer - Consultant Certified - Remote

Overview

The Splunk Engineer will be responsible for maintaining various client Splunk instances, focusing on data onboarding, content development, reporting, and visualizations. This role requires prior Splunk engineering experience and relevant certifications.

In Short

• Maintain client Splunk instances with a focus on data onboarding.
• Develop actionable alerts and workflows for Splunk as a SIEM tool.
• Implement apps and knowledge objects like dashboards and reports.
• Support and train teams on searching and content development.
• Develop custom dashboards and machine learning models.
• Work with stakeholders to maintain event logging from various sources.
• Assist in developing advanced security use cases in Splunk.
• Configure incident response workflows around notable events.
• Collaborate with the Splunk Architect/Admin for knowledge promotion.
• Participate in workshops and knowledge sharing.

Requirements

• US Background Check Required.
• Splunk Consultant Certification.
• Heavy Splunk ES Experience.
• Experience ingesting logs into Splunk via Cribl.
• Experience with Risk Based Alerting (RBA).
• Knowledge of automation to improve CISO workflows.
• Understanding of network protocols and event telemetry.
• Ability to develop risk rules and incident rules for cyber events.
• Experience in developing custom dashboards for RBA.
• Strong collaborative skills to work with various stakeholders.

Benefits

• Access to a knowledge base driven by the True Zero community.
• Technical backing from the entire PS team.
• Opportunity for collaboration and growth through workshops.
• Access to tools for training and professional skill development.
• Supportive work environment focused on innovation.