About the job

About the opportunity:

DiverseIT is looking for a Splunk consulting resident to support the Security Architecture department. Our client’s Security Architecture team’s desire is to achieve its objective of supporting security tool logging operational support.

‍

Responsibilities:

• Provide security information and event management (SIEM) tool logging operational support
• Assist with onboarding of new data sources, parsing and extracting relevant data, and development of meaningful ways to display that data
• Validate correlation rules and source logs
• Assist with troubleshooting SIEM issues
• Support and execute an architectural plan as needed to achieve the engineering directives inclusive of impacted applications, systems, networks, and servers
• Other duties as assigned

Required Skills:

• Minimum of Five (5) years of Systems Engineering experience
• Minimum of Five (5) years of experience working with Splunk and large database repository environments
• At least Five (5) years of experience working with hardware and network related services operating at layers 1 - 3 of the OSI
• Knowledge of Splunk Core, Splunk Enterprise Security
• Very knowledgeable Search Processing language (SPL) Programmer Ability to create advanced Splunk queries to mine data
• Splunk SIEM and various data sources Splunk integration with ticketing system (Atlassian JIRA) and BMC Remedy, Service Now
• Splunk Dashboard & UI development for security metrics
• Experience with other Splunk Solutions (UBA, RBA, Phantom, etc)
• Experience with Security Operations Center (SOC) functions
• Knowledge of Splunk Core, Splunk Enterprise Security
• Very knowledgeable Search Processing language (SPL) Programmer Ability to create advanced Splunk queries to mine data
• Splunk SIEM and various data sources Splunk integration with ticketing system (Atlassian JIRA) and BMC Remedy, Service Now
• Splunk Dashboard & UI development for security metrics
• Experience with other Splunk Solutions (UBA, RBA, Phantom, etc)
• Experience with Security Operations Center (SOC) functions
• Strong communication skills
• Self-starter, ability to take initiative
• Advisory skills on improvement opportunities and leading practices suggestions
• Organization skills and attention to detail
• Good collaboration skills both technical peers and business partners with directory, IAM, firewall, network, database, MS Windows, Linux, Unix, mainframe, middleware, and web server teams
• Ability to effectively partner with vendor resources
• Good documentation skills to create operational process diagrams, etc.
• Comfortable with dynamic environment and changing requirements

Additional Preferred Skills:

• Splunk Phantom SOR experience
• Splunk ES Certified Admin
• SALT Security tool API logging correlation experience
• Certified Linux Administrator
• Experience working within financial industry SOC
• Database admin certification
• Vendor related network certifications
• Graduate degree or high level of technical certifications

Education:

• Bachelor's degree (BA/BS) from four-year college or university; or equivalent training, education, and work experience
• Travel up to 10%
• Remote Only
• Must be a US Citizen
• Must reside in the US

‍