Job Description :
*Job Title: Splunk Engineer - F2F Needed*

*Job Location: Mclean, VA*

*Duration: 6 Months*

*Experience: 8-10 Years*


- 5+ years of hands-on IT security engineering and/or architecture
experience with Security Information and Event Management (SIEM) technologies
- 3+ years direct experience architecting, configuring, deploying,
and/or customizing Splunk
- Expertise in application monitoring and event log management
- Extensive experience creating alerts, dashboards, and reports
- Expert or near-expert knowledge of a distributed Splunk installation -
Multi-site Indexer Cluster, Search Head Cluster, Forwarders
(Universal/Heavy), Deployer, Deployment Server
- Strong knowledge of Splunk search language
- Knowledge of Splunk Best Practices, Workflows, and Processes
- Experience with automation of Splunk infrastructure configurations
- Experience tuning and configuring the Splunk App for Enterprise Security
(ES)
- Familiarity with data onboarding procedures, Common Information Model (CIM)
compliance, and data normalization techniques
- Familiarity with index-time and search-time data parsing

Responsibilities:

- Develop Splunk Dashboards, searches and reporting to support various
internal clients in Security, IT Operations and Application Development
- Assist with onboarding relevant data sources as needed, including
inputs, SQL, index-time configurations, search-time field extractions,
event types, parsing rules, and tags
- Work with internal clients to develop requirements, relationships and
value metrics
- Extract complex fields from different types of log files using regular
expressions
- Work with Application Development to create a logging standard for all
in-house applications so that they log directly to Splunk
- CIM mapping for all internal applications, for use in Splunk ES
(Enterprise Security)
- Develop advanced dashboards, using machine learning / business
intelligence, to monitor for access and security violations in Zotec
applications
- Monitor and track Splunk performance problems
- Create custom Splunk applications as needed

*Skills*
- Able to work under pressure in time critical situations
- Excellent written and verbal communication skills are required
- Ability to communicate effectively with business representatives in
explaining impacts and strategies when necessary
- Flexibility to change direction and manage conflicting demands
- Outstanding organizational and data analytics skills
- Comfortable working in a fast-paced environment
- Ability to explain findings to non-technical professionals
- Excellent report writing and presentation skills
- Project planning skills

*Certifications*

- Splunk Certification(s) are a plus
- Splunk Power User Certification
- Splunk Administrator Certification
- Splunk Architect Certification