Splunk Engineer @ phia, LLC | Jobright.ai
Splunk Engineer jobs in Merrifield, VA
81 applicants

phia, LLC · 6 hours ago

Splunk Engineer

Cyber Security, Information Technology
No H1B · U.S. Citizen Only · Security Clearance Required

Responsibilities

Tune and configure Splunk Core and Splunk Enterprise Security (ES) services.
Develop and implement actionable alerts and workflows for Splunk as a SIEM tool.
Create and manage Apps & Knowledge Objects (KO) including dashboards, reports, and data models.
Collaborate with Splunk Architect/Admin to promote private KO to Global KO.
Implement automation to improve CISO workflow efficiency using Splunk.
Work with CISO end users to build content and develop advanced security use cases.
Develop risk rules and risk incident rules for correlating and alerting significant cyber events.
Create custom dashboards for Risk-Based Alerting (RBA) highlighting risk details, health analysis, and risk suppression.
Configure incident response and remediation workflows for ES notable events.
Develop custom machine learning models for anomaly-detection based alerting augmentation.
Participate in requirements gathering, solution architecting, and design of technology solutions for Continuous Monitoring Program.
Conduct workshops and training sessions for CISO teams on Splunk engineering, searching, and content development.
Assist CISO Splunk Engineering team with Data Lifecycle Support.
Work with various stakeholders to implement and maintain event logging across multiple systems and platforms.
Support off-hours and weekend efforts for incident investigations and systems maintenance.

Qualification

Splunk Core, Splunk Enterprise Security, SIEM tools, Data ingestion, Dashboards configuration, Automation for CISO workflows, Machine learning models, Security Clearance, Splunk Core Certified Power User, Splunk Core Certified Advanced Power User, Splunk Enterprise Certified Admin, Splunk Cloud Certified Admin, Technical reporting

Required

5+ years of experience in information security operations and/or related IT operational functions.
Experience supporting operational Splunk deployments (e.g. installation & maintenance, data ingestion, creation/configuration/tuning of dashboards/rules/workflows/reports/etc.).
Proven ability to provide high-quality written technical reports and effective stakeholder communication.
Excellent organizational skills.
U.S. Citizenship required.
Ability to obtain Public Trust (or higher) government clearance.

Preferred

Bachelor’s degree in Computer Science, Information Technology or Information Security or other relevant disciplines.
Proximity to customer locations in the DMV (DC, MD, or VA) Metro area or Raleigh/Durham, NC is ideal.
Splunk Core Certified Power User
Splunk Core Certified Advanced Power User
Splunk Enterprise Certified Admin
Splunk Cloud Certified Admin
Other Splunk or SIEM certifications

Benefits

Comprehensive medical insurance to include dental and vision
Short Term & Long-Term Disability
401k Retirement Savings Plan with Company Match
Tuition and Professional Development Assistance
Flex Spending Accounts (FSA)

Company

phia, LLC

phia LLC is a Northern Virginia based, 8a certified small business that was established in 2011.

Funding

Current Stage
Early Stage

Leadership Team

Truong Dang
CEO
Company data provided by crunchbase