Job Description:
Job Title: *Splunk Engineer*

*Location: McLean, VA*

As a *Splunk Engineer*, you will develop, implement, and use Splunk
solutions to integrate data feeds and create content to solve unique
problems across a variety of use cases.

*What you'll do:*

- Develop Splunk Dashboards, searches and reporting to support various
internal clients in Security, IT Operations and Application Development
- Assist with onboarding relevant data sources as needed, including
inputs, SQL, index-time configurations, search-time field extractions,
event types, parsing rules, and tags

- Work with internal clients to develop requirements, relationships
and value metrics

- Extract complex fields from different types of Log files using
Regular Expressions
- Work with Application Development to create a standard for all in
host applications, to log directly to Splunk
- CIM mapping for all internal applications, for use in Splunk ES
(Enterprise Security)
- Develop Advanced Dashboards, using Machine Learning / Business
Intelligence, to monitor for access / security violations in Zotec
applications
- Monitor and track Splunk performance problems
- Create custom Splunk Applications as needed
*What you'll bring:*
- 5+ years hands-on IT security engineering and/or architecture
experience with Security Incident and Event Management (SIEM)
technologies
- 3+ years direct experience architecting, configuring, deploying,
and/or customizing Splunk
- Expertise in application monitoring and event log management
- Extensive experience creating alerts, dashboards, and reports
- Expert or near-expert knowledge of a distributed Splunk
installation - Multi-site Indexer Cluster, Search Head Cluster,
Forwarders (Universal/Heavy), Deployer, Deployment Server
- Strong knowledge of Splunk search language
- Knowledge of Splunk Best Practices, Workflows, and Processes
- Experience with automation of Splunk infrastructure configurations
- Experience tuning and configuring Splunk App for Enterprise
Security (ES)
- Familiar with data on-boarding procedures, CIM compliance and data
normalization techniques
- Familiar with Index-time and Search-time data parsing
*Skills*
- Able to work under pressure in time-critical situations
- Excellent written and verbal communication skills are required
- Ability to communicate effectively with business representatives in
explaining impacts and strategies when necessary
- Flexibility to change direction and manage conflicting demands
- Outstanding organizational and data analytics skills
- Comfortable working in a fast-paced environment
- Ability to explain findings to non-technical professionals
- Excellent report writing and presentation skills
- Project planning skills
*Certifications*

- Splunk Certification(s) are a plus
- Splunk Power User Certification
- Splunk Administrator Certification
- Splunk Architect Certification