Team Lead - Threat Detection Engineering and Automation

Sorry, this job was removed at 11:50 a.m. (CST) on Thursday, August 20, 2020

What you’ll be doing:

  • Provide immediate supervision and mentorship to a team of engineers and other members of the Threat Detection and Response team.

  • Administer Splunk Enterprise Security, including index, sourcetype, field and CIM compliance, use cases and SPL upkeep

  • Create and Implement Security and Business use-cases in the Splunk framework

  • Create Splunk queries in SPL and XML for reports, metrics and dashboards

  • Create custom field extractions, TAs and sourcetypes

  • Troubleshoot and optimize SPL for large queries or data sets with strong knowledge of the Splunk search pipeline

  • Write applications/integrations that pull data from a source system for writing to Splunk (Python preferred)

  • Create thorough documentation on new integrations created, network flows, automation initiatives and projects and Processes/Procedures

  • Create integrations with various enterprise-level security tools and the ticketing system

  • Work directly with our detection and Incident Response teams to identify gaps in logging, alerting and areas to improve/automate

What we are looking for: 

  • 5+ years designing, engineering and securing complex infrastructure architectures

  • 3+ years of direct administration experience with a Splunk Enterprise environment

  • 2+ years leading or mentoring a cyber security team or group

  • Understanding and implementation of log data flow, data formatting/normalization, logging best practices and data forwarding between various security controls, source systems and Splunk components

  • Direct experience with development or deployment in the cloud (AWS, Azure)

  • Comfortable with tooling that demonstrates an automation mindset: Chef, Puppet, Ansible, CI/CD experience, and can provide examples

  • Experience with Linux administration and bash, Python, or Ruby scripting

  • Experience with implementing best practices in regards to event collection and logging in cloud infrastructure and cloud services

  • Experience in log management on different tiers of infrastructure and platform services

  • Experience working with containerized and serverless computing platforms

  • Experience in secrets management, encryption technologies, and key management

  • Splunk Certified ES Administrator or Splunk Architect certification is preferred

If that description fits your approach to security, we’d love to chat with you about what you can do to help our mission!


Location

Located in the Domain area, just steps from the Metro station and access to all that Austin has to offer!

Learn more about Blackbaud