
    Splunk Engineer - Durham, United States - TEKsystems

    Job Description


    Job Title: Splunk Engineer

    Type: 18-month contract to hire

    Worksite Address: On-site in the RTP Area

    Requirements: Splunk experience; Linux experience; U.S. Citizen

    Description

    This position is for a team with our client that was created in the aftermath of 9/11 to deliver rapid-response technical support to the U.S. Federal Government.

    The Splunk Engineer will work on the IT Operations Team that supports a new service offering for the government. This team is responsible for taking care of the internal needs from an IT standpoint. The demands of the role have increased, resulting in the need for an additional Splunk administrator. This position will go perm within 18 months.

    The Splunk engineer will continue to maintain the health of the environment, create dashboards, and provide support to the business units when they have additional requirements. This candidate will need to be proficient in using Splunk as a primary log for devices and will assist the security team in ensuring security requirements are met. For example, this person will need to create a special dashboard, know how to gather requirements from business owners for that dashboard, and communicate back and forth with that team. Other responsibilities within this role consist of making adjustments as people send logs, running queries, and explaining applications that are in Splunk. This person will not be responsible for completely configuring the applications, however. This person will likely be more seasoned, with strong problem-solving skills and the ability to think outside of the box. Having experience with Splunk in a virtualized environment will be helpful.

    The ideal candidate for this role is a seasoned/experienced Splunk SME who has vast experience running Splunk as a SIEM in a government organization. Experience with large-scale deployments with data feeds from multiple on-premises data centers will be important.

    More specifically, the successful candidate will have experience with the following:

    • Expertise in Enterprise Security and in developing Splunk ES correlation searches to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics.
    • Installation, configuration & administration of Splunk Enterprise Server, Splunk Universal Forwarders and Splunk Heavy Forwarders in a large distributed environment.
    • Sound knowledge in using Splunk knowledge objects.
    • Sound knowledge in using configuration files (inputs, outputs, , , ).
    • Experience in role creation and user authentication.
    • Hands-on experience using syslog servers.
    • Developing custom visualizations, dashboards, data models, reports and alerts.
    • Ability to write complex search queries, with expertise in search optimization and troubleshooting.
    • Expertise in Splunk cluster administration (Search Head Cluster, Indexer Cluster and Distributed Management Console), including version upgrades, permissions, and audit compliance.

    Top Skills:
    1) Splunk Administrator (5+ years): Installation, Configuration, Management, care and feeding
    2) Experience on-boarding data, creating dashboards, setting and managing alerts, and writing Splunk applications
    3) Experience in a clustered Splunk environment as well as Splunk enterprise security
    4) Knowledge and experience of Linux Administration

    Preferred one or more of the following:
    Splunk Certified Administrator
    Splunk Certified Architect

    Additional Qualifications
    · Minimum 4+ years' hands-on experience with Splunk in one of the following areas: IT operations, compliance, DevOps, network security, and system security, supporting security event management tools (SIEMs).
    · Minimum 2+ years' hands-on experience with rule and advanced logic creation within Splunk.
    · Experience with integrating solutions in a multi-vendor environment, including SaaS environments.
    · Knowledge of enterprise logging, with a focus on security event logging.
    · Strong knowledge of regular expressions.
    · Experience with enterprise-scale operations and maintenance environments.
    · Experience with Python and Shell scripting and ability to automate tasks and manipulate data.
    · Experience with Windows and \*NIX environments.
    · Experience with JavaScript, HTML, CSS and XML.
    · Experience with various security tools, including Wireshark, Nessus, Nmap, Burp, Proxy, or Snort a plus.
    · Strong analytical and creative problem-solving skills.
    · Ability to multitask and solve complex technical problems.
    · Monitor and maintain Splunk performance, availability, and capacity.
    · Create and maintain documentation related to architecture and operational processes for Splunk.
    · Engage application and infrastructure teams to establish best practices for utilizing Splunk data and visualizations.


    Day in the life:
    1) Health check: make sure log rotations are working correctly, test environment set up
    2) Auditing recently
    3) Analyzing with SOC analysts, tuning data that comes in, parsing out what needs to be filtered and what does not
    4) Working with infrastructure engineers configuring alerts

    Benefits:

    This is an opportunity for someone to get a clearance, or potentially upgrade an existing clearance level. This is also a very collaborative environment, which allows the individual to gain experience in other technologies such as UC and Security. In addition, this role provides an opportunity to work with an industry-leading enterprise company, with access to their labs for certification study and access to industry-leading technology.

    FTE Benefits:
    1) Annual bonus between 10-15% of pay band.
    2) Client paid CCIE test up to 3 times.
    3) 11K annual bonus for CCIE cert
    4) Additional annual bonus for clearance.
    5) $28K annual health benefits package
    6) $4K contribution to HSA

    Work Environment

    Cubicle setting. This is a casual environment; shorts and jeans are acceptable. The shift is around core hours (8-5) with flexibility. This team has created a collaborative environment. He/She needs to be able to work well in a team environment and help out others as much as possible, even if it's in another technology.

    Additional Skills & Qualifications

    Sole US Citizen
    5 years' experience with Splunk
    Experience onboarding data and doing dashboards
    Experience creating alerts
    Experience writing Splunk Apps
    Knowledge and experience of Linux Administration
    Experience in a clustered Splunk environment
    Experience with Splunk enterprise security

    Impact to the Internal/External Customer

    For our client to provide additional services to its external customers (DoD, FBI, etc.), they must have an internal infrastructure that supports it. The IT Ops team is standing up a new service that will be essential for their peers in delivering top quality to their external clients. Splunk is at the core of that service due to its monitoring capabilities.

    Business Challenge

    If this team cannot provide the necessary support to their customers, they will go somewhere else for the service, impacting our client's brand and revenue streams. Standing up this new service, of which Splunk is a part, is essential to ensuring our client can continue to deliver to its customers.


