Security Platform Engineer - Splunk Enterprise
As a Security Platform Engineer, you will play a key technical role in our Security Analytics Platform team within the CIS engineering organization. You will serve as a technical expert for product engineering and service support for critical enterprise security technologies of the firm's Information Security Services.
The role primarily entails hands-on product design and deployment, specifically building and managing SIEM platforms such as Splunk Enterprise, Splunk User Behavior Analytics, Splunk Phantom, Splunk Enterprise Security and ArcSight. Responsibilities will include:
- Engineer, implement and administer SIEM platforms (ArcSight, Splunk Enterprise, Splunk Enterprise Security, Splunk UBA, Splunk Phantom) in public cloud and on-premises datacenters.
- Analyze, design, build and support the Splunk multi-cluster architecture; maintain the existing ArcSight infrastructure.
- Incident and problem management, change and release management, vendor management and capacity management for these applications.
- Manage Tier 3 production support tasks that cannot be handled by the service provider, who provides 24x7 monitoring and maintenance of the platforms.
- Develop log ingestion and aggregation strategies.
- On-board new data sources into Splunk, analyze the data for anomalies and trends and build dashboards highlighting the key trends of the data.
- Monitor log sources to ensure there are no gaps in log collection for a source or from instances within a source.
- Perform integration activities to connect with 3rd party software.
- Manage automating Splunk deployments and orchestration within AWS environment.
- Communicate requirements and risks to stakeholders such as Product, Engineering, and Security leadership.
- Work with cross-functional teams to proactively improve on existing integration automation/workflows.
- Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and MSS best practices.
- Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.
Required skills and qualifications include:
- Splunk certifications such as Splunk Certified Developer, Enterprise Security Implementation, Splunk Enterprise Certified Consultant and/or Splunk Enterprise Certified Architect.
- Experience implementing, architecting and administering Splunk and Splunk Enterprise Security, Splunk UBA and Splunk Phantom.
- Azure/AWS knowledge required; experience managing Splunk implementations in AWS preferred.
- Must have hands-on experience with Splunk Enterprise environment setup and troubleshooting.
- Must have knowledge of setting up new data feeds into Splunk.
- Must be able to maintain, manage and monitor the Splunk infrastructure (identify bad searches and dashboards, and manage the overall health of Splunk).
- Experience setting up clustered and load-balanced environments.
- Experience writing Splunk queries in the Search Processing Language (SPL). Thorough understanding of SPL, optimization principles, APIs and SDKs.
- Experience with platforms such as Ansible, Puppet and Chef.
- Experience with other information security solutions including Symantec DLP, Zscaler, Palo Alto, Symantec, Check Point, McAfee and Active Directory.
- Independent, self-motivated, proactive approach to problem solving and prevention.
- Excellent written and verbal communication skills.
- Passion for the cybersecurity space.
- Broad experience with SOC, NOC and/or MSS operations.
The candidate shall have a degree in Computer Science, Engineering, Information Technology, Cybersecurity or a related field and at least 7 years of experience in security engineering, system administration, database administration, network engineering, software engineering or software development, with a concentration in cybersecurity.
- 7+ years of IT engineering experience building and managing infrastructure and security platforms.
- 3+ years of professional engineering experience with the Splunk platform.
- At least one full-lifecycle implementation of Splunk Enterprise and Splunk Enterprise Security.
- In-depth knowledge of Splunk's multiple deployment options, including on-premises distributed deployments and public cloud.
- Expertise with data ingest, data normalization (delivered TAs, custom TAs), search/query design and execution.
- Experience with Splunk component utilization (e.g. indexer loads and requirements, search head peering), component resourcing (e.g. underlying server specs), inter-component communications and trade-offs (e.g. DNS vs. IP tables, use of SSL) and underlying platform requirements.
- Expert-level experience with SIEM technologies: implementation, tuning and troubleshooting of Splunk and ArcSight.
- Expertise in building, deploying, scaling, and troubleshooting the various facets of large scale Splunk clusters and supporting apps.
- 3+ years of DevOps engineering experience.
- 3-5 years of hands-on experience with security monitoring tools such as IDP/IDS, FW and AV, with a strong understanding of network protocols and network monitoring tools.
- Hands-on experience supporting/developing enterprise technology and network infrastructure, including exposure to AWS or other public cloud infrastructure.
- Knowledge of scripting languages such as Python, Perl, bash, etc.
- Experience using Ansible and any flavor of Git.
- At least one of the following certifications: CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, SEI, CISSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX.