Splunk Engineers Remote & Hybrid Multiple Levels

Company:
Zivaro
Location:
Washington, DC, 20022
Posted:
May 21, 2024

Description:

JOB SUMMARY:

Seeking multiple Splunk Engineers to join Zivaro’s team. Our team supports both Federal and State customers in their efforts to develop and maintain a Splunk environment. While much of this role may be conducted remotely, some positions/programs require travel to customer sites and/or a government security clearance (Secret, Top Secret, TS/SCI + Poly).

POSITION RESPONSIBILITIES: Roles may include some or all of the following

Manage multiple assignments, changing priorities, and work independently with little oversight

Build, implement, and administer Splunk in Linux and Windows environments

Work with existing and custom Splunk applications and add-ons to fulfill customer needs

Provide overall engineering and design support for a distributed Splunk environment

Editing and maintaining Splunk configuration files and apps

Troubleshoot Splunk configuration settings needed to ensure proper operation of Splunk

Perform API integrations with other 3rd party vendor software

Able to create, modify, update, and maintain Python and PowerShell scripts

Onboard data to Splunk

Security event data normalization and practices to provide ES with data enrichment with Common Information Model (CIM) compliance.

Provide assistance for detailed view of notable events, workbook for open investigations, and risk analysis scoring system.

Recommend actions in security operations center tier I and tier II incident response incidents.

Tune ES performance by creating and editing searches to modify and reduce the number of notables and by removing low-value searches.

Configuration of correlation searches, dashboard searches, risk modifiers, threat intelligence feeds, workflow actions and Enterprise Security content.

Automate issue resolution and compliance reporting to lower time on detection and time on mitigation for security organizations.

Integrate Splunk Mission Control, Splunk Security Orchestration, Automation and Response (SOAR), and/or other customer-approved security product applications utilizing Enterprise Security.

Utilize data thresholds, trend-based conditions and behavioral pattern recognition.

Enterprise Security (ES) to support tier I alerting, investigations, and O&M of the SIEM.

Support hunt missions (tier II) and Defensive Cyber Operations (DCO) (tier III) as needed

Provide best business practices and recommendations in contribution to customers' security strategy and SOC policies.

Design resiliency using ITSI; build out an ITSI application and implement the design to run ITSI at multiple locations and have one location have overall oversight.

Data onboarding, data normalization and day-to-day maintenance of Splunk platform.

QUALIFICATIONS: Roles may require some or all of the following

Splunk Enterprise Architect certification

Splunk Core Consultant Certification

Splunk Enterprise Security Certification

Splunk IT Service Intelligence Certified Admin - ITSI

Working knowledge of SOAP/REST APIs, JSON, HTML/CSS, JavaScript, and XML

Authored SOPs, playbooks, work instructions and/or other process documents

CISSP or Security Plus credentials

Experience with Python development

Experience working in Splunk Cloud environment

Willing to direct and guide junior consultants on the team

Data onboarding, visualizations, and use case tuning

Background in Linux, Python, networking, high level troubleshooting skills

YEARS OF EXPERIENCE: Minimum 3+ years of experience with Splunk

SECURITY CLEARANCE: Varies – no clearance to TS/SCI + Poly

EDUCATION: Bachelor’s degree in related field, or equivalent experience preferred

U.S. Citizenship is required for most positions at Zivaro, due to security clearance and government/federal contracts held by Zivaro.

EEO STATEMENT

ZIVARO fully subscribes to the principles of Equal Employment Opportunity. It is our policy to provide employment, compensation and other benefits related to employment based on qualifications, without regard to race, color, religion, national origin, age, sex, veteran status, disability, sexual orientation, gender identity or any other basis prohibited by federal, state or local law. In accordance with requirements of the Americans with Disabilities Act, it is our policy to provide reasonable accommodation upon request during the application process to eligible applicants in order that they may be given a full and fair opportunity to be considered for employment. As an Equal Opportunity Employer, we intend to comply fully with applicable federal and state employment laws and the information requested on this application will only be used for purposes consistent with those laws.