Tier 3 Splunk Security Engineer/Architect

Role Summary:

As a Tier 3 Security Engineer on the Security Operations Centre Engineering Team, you are a member of a team that manages IT security on behalf of customers to reduce the impact of security incidents and system compromises. As part of the team responsible for the Security Event Management Service, you will provide advanced administration of Splunk environments.

A basic understanding of the following technologies is strongly preferred:

Firewalls, SIEM technology such as ESM, Big Data Analytics, and Endpoint solutions

Primary Responsibilities:

General Administration

  • Validate Splunk deployments and identify ways to optimize them in large enterprise environments
  • Basic understanding of Big Data analytics
  • Use regular expressions in Splunk to define source types and automatic field extractions
  • Script in Perl, Python, and Bash
  • Use regular expressions to filter and route data to the appropriate indexes
  • Manually configure props.conf, transforms.conf, inputs.conf, outputs.conf, and other Splunk configuration files
  • Provide primary system administration and maintain assigned technologies, aiming to keep all assigned clients at an N-1 patch level, or at a higher level mutually agreed with each client on a case-by-case basis
  • Provide leadership on P1, P2, and P3 outage issues as needed
  • Maintain, update, and troubleshoot Splunk Cloud and on-premises deployments
  • Review system health daily to identify issues, working with T1 and T2 engineers to resolve them
  • Work closely with client and internal architects to propose solutions that resolve issues or prevent future problems in client environments
  • Work directly with clients to resolve issues with devices forwarding data into the Splunk environment
  • Create and maintain an inventory of current patch levels, hardware specifications, and overall health for all assigned clients' appliances
  • Configure, maintain, and troubleshoot the Splunk Enterprise Security app
  • Configure, maintain, and troubleshoot Splunk apps and add-ons such as the Palo Alto Networks app
  • Mentor junior team members daily
  • Create change tickets for Splunk-related changes and present them to the change control board as needed
  • Create and maintain detailed documentation of existing processes and procedures for the Splunk environments
  • Provide thought leadership on designing and generating weekly and monthly Splunk metrics for client reports
  • Update client portfolio information for Splunk as needed
  • Respond to Splunk-related audit requests and findings as needed
  • Work directly with account managers of selected accounts to identify upsell opportunities
  • Ensure that critical events and alerts for the assigned technologies are escalated within the customer's SLA and documented
  • Perform security log analysis during information security events, identifying and reporting possible security breaches, incidents, and violations of security policy

Technical Requirements:

Must have demonstrated knowledge and experience with three or more of the following:

  • UNIX (AIX, Solaris)
  • Linux
  • Windows Server Operating Systems
  • Internet Connectivity and Protocols (TCP/IP)
  • Wireless Networking
  • Network architecture best practices
  • Security Operations Centre/Information Protection Centre/Computer Incident Response Centre
  • Enterprise Security Information Management systems
  • VPN Communication Protocols
  • Switches/Routers (basic configuration)
  • Network/System Intrusion Detection or Prevention Systems
  • Understanding of basic security concepts: principle of least privilege, compartmentalization, etc.
  • Firewall (configuration knowledge)
  • Asset Management
  • Security threat and attack countermeasures

Non-Technical Requirements:

  • Critical Thinking and Analytical skills
  • Excellent written and verbal communication skills
  • Strong troubleshooting and problem-solving skills
  • Team player with the ability to work autonomously
  • Ability to prioritize, and reprioritize work as required
  • Ability to be on call on a rotational basis for after-hours support
  • Ability to obtain and maintain Nevada, Maryland, and Michigan gaming licenses
  • This role requires less than 20 percent travel
  • A valid US passport is required for international travel