Splunk Engineer
100% Remote - EST Business Hours
12m Contract to Hire
**Unable to do C2C or provide sponsorship**
Statement of Work:
The Splunk Admin/Engineer will support a large group of infrastructure, security and application teams during the migration of on-prem and cloud applications to the client's Azure Government enclave. The Splunk Admin/Engineer will configure, operate and maintain the Splunk environment across data sources and user needs in a multi-cloud environment. In addition, the role is responsible for data ingestion, search query writing, scripting, data visualization, Splunk architecture changes, and deployment. This role will also support the security assessment and authorization/ATO team and provide input for security audits. He/She will work closely with the SOC and incident response teams to investigate incidents.
Required Skills:
• 5+ years’ experience configuring, deploying, maintaining and optimizing Splunk:
• Administer and manage the day-to-day operations of the Splunk Environment
• Oversee Splunk indexers, search heads and forwarders to ensure optimal performance
• Implement and manage federated queries, Splunk dashboards, alerts, and reports.
• Integrate Splunk with various data sources and external platforms (including other SIEM tools) in a multi-cloud environment
• Develop and maintain Splunk knowledge objects, queries, and advanced data visualizations
• Perform Splunk upgrades, patching, and routine maintenance tasks
• Troubleshoot and resolve issues related to Splunk installation, data inputs, and log parsing
• Work closely with the SOC team to monitor and analyze logs, reports and alerts
• Strong knowledge of Search Processing Language (SPL) to query and manipulate data
• Experience in Operating System administration for the platforms Splunk runs on (RHEL, Linux, Windows)
• Familiarity with Shell commands and scripting for automation
• Design, implement, and maintain Splunk apps and add-ons
Required Qualifications:
• Bachelor’s degree in a related field
• U.S. Citizen
• Ability to acquire a Public Trust Background investigation
Preferred Skills:
• Splunk Enterprise Certified Administrator (SECA)
• Familiarity with cloud platforms and integration with Splunk
• Knowledge of other security tools
• Experience with automation tools (e.g. Ansible, Puppet, or Chef)
• Certified in industry-recognized areas such as CISSP, CISA, or CISM
• Excellent organization, collaboration, project management, and team leadership skills
• Strong communication skills and experience creating and delivering compliance status and metrics briefings to senior leadership
BENEFITS OF WORKING WITH BROOKSOURCE:
We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.