Sr. Splunk SIEM Engineer

Job Description

Minimum of 5 to 7 years of experience as a Sr. Splunk SIEM Engineer, including work with security monitoring tools such as IDS/IPS, FWs and NACs and protocols such as NetFlow (Snort, Bro, Palo Alto, Checkpoint, Palo, Arista, ISE, FireEye, Gigamon).

Development, deployment, or administration of Splunk ES.

Experience working with cloud services such as AWS, Azure and M365 and cloud access security brokers.

Experience in the use of network monitoring tools with a strong understanding of network protocols.

Ability to perform security analysis, development and implementation of security policies, standards, and guidelines.

Experience with both the Linux and Windows operating systems.

Must be within 45 minutes driving distance of Richmond, VA

Key Responsibilities:

• Development, deployment, or administration of Splunk.
• Onboard Splunk ES critical data sources - ingestion of critical data sources/data logs from the enterprise into the Security Information Event Management (SIEM) tool to meet the Splunk Enterprise Security (ES) implementation.
• Normalize Log Data to Common Information Model (CIM) as required by Splunk ES to meet the provided security use cases (Rules/Alerts).
• Create viewable Splunk dashboards to provide visibility into ingested log data.
• Create alerts that trigger/activate on configured setting to deploy or sends a note, email, or attachments to a particulate destination email or groups.
• Create security rules (alerts) that trigger on anomalous activities or threat detections.
• Splunk Support - Assisting Customers with any issues when ingestion of logs that are not working properly or communication issues with Splunk.
• Resolve Splunk infrastructure or system issues.
• Check virtual server availability, functionality, integrity, and efficiency.
• Monitor and maintain virtual server configuration.
• Diagnose failed servers or connectivity problems.

Required Skills and Experience:

• Experience working with cloud services such as AWS, Azure and M365 and cloud access security brokers.
• Experience in the use of network monitoring tools with a strong understanding of network protocols.
• Ability to perform security analysis, development and implementation of security policies, standards, and guidelines.
• Ability to quickly explore, examine and understand complex security problems and how it affects a customer’s business.
• Experience with both the Linux and Windows operating systems.
• Experience with SOAR and Firewall platforms from Palo Alto Networks

Education and Experience                                                         

Completed bachelor’s degree from an accredited university is required, preferably in an IT related field.  Minimum of 5 to 7 years of experience related to the qualifications above, including work with security monitoring tools such as IDS/IPS, FWs and NACs and protocols such as NetFlow (Snort, Bro, Palo Alto, Checkpoint, Palo, Arista, ISE, FireEye, Gigamon).