Splunk Engineer

Job Description

Your primary responsibility is maintaining the operations of, and helping design future architectures for, an enterprise wide Splunk. In this role, you will coordinate with teams that handle the day-to-day monitoring of, and initial security event detection and analysis for, all production systems, network infrastructure as well as all related information security systems, data and event logs using our SIEM and related tools. You will get to work with a highly skilled and experienced team focused on building the next generation of security solutions for our SaaS solutions in a world class Splunk environment.Here is what our leaders, Manager of Cloud Security Engineers ( Joe Hartmann ), has to say about the growth opportunity for this role: Our team is expanding and is actively searching for technical professionals to come join our dedicated, energetic and fast-growing global team. If you are currently in another area of IT, and are considering a move into Information Security, this position is the gateway into that world. Prior experience is less important to us than the capability, willingness, and motivation to learn across a wide variety of technical areas. iM Responsible For

• Developing a strategic SIEM and Security Analytics architecture that aligns with business needs in support of security detection and response operations
• Building out and implementing reports and visualizations to inform security managers
• Acting as primary contact and project manager for the onboarding of new data sources including normalization
• Ensuring data quality standards are achieved (e.g. Splunk CIM compliance, data models, acceleration)
• Engaging 3rd party vendors and service providers as needed for support of core Splunk operations
• Troubleshooting and configuring data collection across networking devices, various platforms, databases, and host operating systems
• Actively monitoring key performance indicators for overall Splunk health and stability
• Identifying and performing root cause analysis for sources of Splunk infrastructure and operations service degradation
• Building, deploying, and maintaining Splunk infrastructure and applications utilizing existing automation tools and processes to minimize manual work (e.g. Windows, Linux, Azure, AWS, etc)
• Performing as an administrator for Splunk Enterprise Security app
• Acting as technical team lead in the development as well as delivery of custom content and event reporting

iM Qualified Because I Have

• 3+ years of direct Splunk administration experience
• 2+ years of experience working with SIEM tools performing over the full lifecycle including: deployment, configuration, maintaining operations, content development, and retirement
• 1+ years of familiarity or working experience with security tools (e.g. firewalls, IDS, EDR, IAM)
• 1+ years working on or with cross discipline teams such as: incident response, compliance, and site reliability engineering
• Proficiency creating Splunk knowledge objects such as: field extractions, event types, tags, lookups, data models, etc.)
• Assisted in the creating, updating, and managing of notable events
• Used or/and administrated Splunk premium apps such as Splunk ES, UBA, or ITSI
• Custom use case and correlation search content development experience including statistical and analytical modeling (ideally utilizing Splunk MLTK)
• Scripting and automation experience automating tasks
• Experience around log collection strategies for containers using Docker, Kubernetes and Mesos as well as third-party container security products such as Sysdig, Twistlock, Tanium
• Hands on experience maintaining Splunk TAs, Add-ons, and applications

Bonus Points if I Have.

• Direct experience deploying Splunk Enterprise in a public cloud environment
• Hands on experience implementing with Cribl LogStream
• Automation experience using Ansible, Puppet, Chef, Terraform, and/or Salt
• An understanding of various logging solutions such as Elastic Logstash, Apache Kafka & syslog
• One or more of the following certifications: Splunk certifications (Certified Splunk Administrator preferred), AWS or Azure certifications, Docker certifications or ISC2 Cloud Security Certification (CCSP)

iM Getting To

• Join a supportive, experienced team benefiting from continuous growth within an inclusive, encouraging and vibrant culture
• Onboard remotely and be included in all aspects of iManage life
• Collaborate cross functionally
• Help mentor, lead, and coach junior team members
• Focus on meaningful work, solving complex, real world issues utilizing the latest technologies and protocols
• Own your learning and growth within our career development support framework plus, access a huge range online learning library
• Receive competitive benefits that include; attractive salary based on market data, health/vision/dental/life insurance, 401k matching, performance bonuses, flexible working environment, generous PTO, unlimited sick days and so much more!

,

Keyskills :
data collectionsecurity systemsautomation toolsquality standardsservice providerscommercial modelscareer developmentworking experienceproduction systems