Job Description

Role Summary/Purpose:
The Splunk Enterprise Security Admin will perform enhancements, upgrades, and expansions to a large enterprise-scale Splunk Enterprise Security implementation in a Search Head Cluster. He or she will drive new technical integrations and best practices, assist with migration to the cloud, ensure robust searching and alerting across clusters, and troubleshoot issues as needed. The Splunk Enterprise Security Admin provides guidance and support to the Splunk Operations team and partners closely with the Security Content team, AWS Cloud team, Identity and Access Management, and the Splunk Development teams to enhance practices and ensure that Splunk is performing exceptionally well and reliably across the enterprise.
Essential Responsibilities:
+ Manage and implement upgrades, enhancements, and expansions for Splunk Enterprise Security in a search head cluster environment
+ Provide end-to-end technical oversight across security-relevant Splunk technology add-ons and knowledge objects
+ Collaborate to ensure integration of all security tools, including security orchestration tools and threat intelligence feeds, as well as asset and identity data
+ Support development of scripts (Python, JavaScript, etc.) as needed in support of data collection or integration
+ Develop searches, reports and dashboards as needed in support of the detection team and Joint Security Operations Center
+ Manage access controls for the Enterprise security cluster
+ Perform capacity planning and integration across the environment
+ Maintain documentation including Management Guides, Operation Plans, Workflows, Processes, and Continuity of Business Plans
+ Perform other duties and/or special projects as assigned
+ Bachelor's Degree and a minimum of 3 years of Technology experience or, in lieu of a Bachelor's Degree, a High School Diploma/GED and a minimum of 7 years of Technology experience
+ Minimum 3 years’ experience configuring and managing Splunk
+ 2+ years’ experience as Splunk Admin, Architect or security content developer
+ 1+ years’ experience with Enterprise Security Administration
+ Certified as either Splunk Admin or Power User
Desired Characteristics:
+ Experience as Splunk Enterprise Security Admin in an Enterprise-scale environment
+ Experience with Splunk Cloud
+ Proficient with SAML, Python, JavaScript and REST
+ Proficient with automation tools – Chef, Ansible
+ Experience with Agile Management Principles
+ Experience with Version Control tools – Git, Bitbucket
+ Expertise in Data Management and Enrichment
+ Expertise in security data sources and use cases
+ Knowledge of Data Analytics
+ Results driven, strategic, conceptual, and innovative thinker
+ Excellent consulting skills and superior ability to develop and maintain effective client relationships
+ Ability to work independently as well as part of a team
+ Highly analytical, detail-oriented, and strong problem solving with a common-sense approach to resolving problems
+ Expertise to clearly define complex issues despite incomplete or ambiguous information
+ Strong oral and written communications skills
+ Strong interpersonal and critical thinking skills
+ Excellent communication and relationship building skills
+ Expert knowledge of Splunk Development, including scripting and API development
+ Strong analytical skills.
Eligibility Requirements:
+ You must be 18 years or older
+ You must have a high school diploma or equivalent
+ You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the selection process
+ You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.
+ _Effective 1-1-18, new hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles. Once this new hire time in position requirement is met, the associate will have a minimum 6 months’ time in position before they can post for future non-exempt roles._ Employees, level 8 or greater, must have at least 24 months’ time in position before they can post. All internal employees must have at least a “consistently meets expectations” performance rating and have approval from your manager to post (or the approval of your manager and HR if you don’t meet the time in position or performance requirement).
Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Reasonable Accommodation Notice:
+ Federal