Job Description:

Splunk Security Admin

Location: Remote

Role Overview Summary

We are seeking a Splunk subject matter expert, highly skilled and experienced in Splunk Enterprise Security (ES) administration, to join our cybersecurity team. The ideal candidate will have a strong background in administering, architecting, and engineering a Splunk ES GovCloud environment, including managing data models, CIM (Common Information Model) compliance, and 200+ sourcetypes, and maintaining the Splunk ES GovCloud indexes and alerts so that data from many sources can be analyzed effectively. The role requires a deep understanding of cybersecurity principles and the ability to apply data analytics to strengthen the organization's security posture.

Responsibilities and Duties:

  • Develop, configure, and maintain complex Splunk indexes, data models, sourcetypes, and dashboards to meet the specific needs of the organization.
  • Collaborate with cybersecurity analysts to identify key data points and log sources for correlation to enhance threat detection and response capabilities.
  • Optimize Splunk performance by fine-tuning sourcetypes, data models, and summary indexes to ensure efficient data processing and retrieval.
  • Implement advanced Splunk administration and alerting techniques to identify and alert on potential security incidents and vulnerabilities.
  • Work closely with IT and security teams to integrate various log sources into Splunk, ensuring comprehensive visibility across the network.
  • Conduct regular reviews of existing Splunk applications, adjusting and improving them to keep pace with the evolving security landscape.
  • Provide technical guidance and support to team members on Splunk best practices and advanced correlation techniques.
  • Stay updated with the latest Splunk features and cybersecurity trends, incorporating new knowledge into the organization's Splunk environment.
  • Participate in incident response activities, leveraging Splunk to provide critical insights and facilitate rapid resolution.

Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, or Cybersecurity.
  • Minimum of 5 years of experience working with Splunk in a cybersecurity context.
  • A Splunk ES Administrator, Splunk Power User, or Splunk Enterprise Certified Admin certification is highly desired.
  • Strong understanding of cybersecurity principles, threats, vulnerabilities, and incident response protocols.
  • Proficient in creating complex Splunk SPL (Search Processing Language) queries and developing advanced correlation rules.
  • Experience with log and data source integration, data normalization, Splunk data models, and Splunk CIM.
  • Knowledge of network protocols, infrastructure, and key security technologies (firewalls, IDS/IPS, endpoint security, etc.).
  • Excellent problem-solving skills and the ability to work independently or as part of a team.
  • Strong communication and documentation skills, capable of effectively articulating technical information to both technical and non-technical audiences.