Splunk Engineer

The Information Security Engineering team is looking for a Splunk Engineer to manage, optimize, and enhance our Splunk environment.
In this role, you'll play a critical part in our enterprise security initiatives by developing dashboards, integrating logs, and ensuring our Splunk platform is performing at its best.
If you're a proactive problem-solver with strong Splunk, AWS, and Python skills, we want to hear from you.
What You'll Bring:
• Experience: Proven experience as a Splunk Administrator and Developer.
You should be comfortable with both the administrative and development aspects of the Splunk platform.
• Troubleshooting: Strong problem-solving skills with the ability to diagnose and resolve complex Splunk issues.
• Cloud: Solid understanding of AWS and experience integrating AWS services like CloudTrail, CloudWatch, and S3 with Splunk.
• Scripting: Proficiency in Python for automating Splunk tasks, data enrichment, and API integrations.
• Security: A deep understanding of enterprise security concepts and experience using Splunk for threat detection and incident response.
Troubleshooting & Optimization
• Diagnose and resolve complex Splunk issues related to performance, search, and indexing.
• Monitor Splunk's health and proactively implement solutions to improve system reliability and uptime.
• Tune the environment's performance by optimizing search queries, improving indexing strategies, and enhancing data ingestion processes.
Dashboard & Analytics
• Develop and implement custom Splunk dashboards and visualizations that translate complex data into clear, actionable insights for security and business stakeholders.
• Collaborate with teams to understand their requirements and build dashboards that address specific security and operational needs.
Enterprise Security & Threat Detection
• Leverage Splunk Enterprise Security (ES) to build and maintain threat detection and incident response capabilities.
• Create and fine-tune correlation searches and risk-based alerts to identify and respond to security threats effectively.
Log Integration
• Onboard and integrate logs from a wide range of sources, including servers, cloud platforms (AWS), applications, and security tools.
• Normalize and parse raw data using props.conf and transforms.conf to ensure consistency and usability.
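As an added illustration of the two responsibilities above (it is not part of the job posting and not the team's own configuration), the fragments below onboard a constructed log source with props.conf and transforms.conf and then define a risk-based correlation search over it in savedsearches.conf. The sourcetype acme:vpn, the sample log line, the index name netauth and the monitored file path are all made up for this example; the ES risk-action parameters are the ones documented for recent Enterprise Security releases and should be checked against the deployed version.

```ini
# Constructed sample event the stanzas below are written for (one event per line):
# 2024-05-02T13:04:17Z vpn01 LOGIN result=failure user=jdoe src_ip=203.0.113.45 reason=bad_password

# ---- inputs.conf (forwarder): bind the file to an explicit sourcetype and index ----
[monitor:///var/log/acme_vpn/vpn.log]
sourcetype = acme:vpn
index = netauth
disabled = false

# ---- props.conf (indexer / heavy forwarder and search head) ----
# Leaving a new sourcetype on defaults (SHOULD_LINEMERGE = true, automatic timestamp
# detection) is the usual onboarding mistake: events get merged and timestamps guessed.
# Setting the "great eight" explicitly fixes parsing before the data is indexed.
[acme:vpn]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%dT%H:%M:%SZ
MAX_TIMESTAMP_LOOKAHEAD = 20
TZ = UTC
TRUNCATE = 10000
# Search-time normalization: extract key=value pairs, then alias to CIM field names
# so ES correlation searches and data models see src, user and action consistently.
KV_MODE = none
REPORT-acme_vpn_fields = acme_vpn_kv
FIELDALIAS-acme_vpn_cim = src_ip AS src
EVAL-action = case(result=="failure", "failure", result=="success", "success")

# ---- transforms.conf: generic key=value extraction referenced by REPORT above ----
[acme_vpn_kv]
REGEX = (\w+)=(\S+)
FORMAT = $1::$2

# ---- savedsearches.conf (ES search head): risk-based correlation search ----
# Instead of raising a notable for every burst of failures, add risk to the user
# only when failures are followed by a success; the risk index then aggregates
# this with other low-fidelity signals for the same user.
[Acme VPN - Brute Force Then Success]
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -70m@m
dispatch.latest_time = -10m@m
search = index=netauth sourcetype=acme:vpn action=* | stats count(eval(action="failure")) AS failures, count(eval(action="success")) AS successes, dc(src) AS src_count, min(_time) AS first_seen, max(_time) AS last_seen BY user | where failures >= 10 AND successes > 0
action.correlationsearch.enabled = 1
action.correlationsearch.label = Acme VPN - Brute Force Then Success
action.risk = 1
action.risk.param._risk_object = user
action.risk.param._risk_object_type = user
action.risk.param._risk_score = 60
action.risk.param._risk_message = $failures$ failed VPN logins followed by a success for $user$ from $src_count$ source(s)
# Throttle so one noisy account does not add risk every 15 minutes all day.
alert.suppress = 1
alert.suppress.fields = user
alert.suppress.period = 86400s
```

The 10-minute lag on dispatch.latest_time leaves room for late-arriving forwarder data, and the extraction is done at search time (REPORT/FIELDALIAS/EVAL) rather than as index-time fields so that a regex fix does not require re-indexing.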