True Zero Technologies

Certified Splunk UBA Engineer (R-00075)

Washington, District of Columbia, United States

Compensation: Not Specified
Experience Level: Junior (1 to 2 years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity

Position Overview

  • Location Type:
  • Job Type: Full-Time
  • Salary:

True Zero Technologies is a veteran-owned small business focused on enabling people and technology to achieve quality outcomes. We foster a community of driven individuals and innovators dedicated to delivering top-tier services. Recognized as a "Best Places to Work" in 2023 and one of Inc. Magazine’s Top 5000 Fastest Growing Companies in 2022, we are seeking a Certified Splunk User Behavior Analytics (UBA) Engineer. This role requires hands-on experience deploying, configuring, and managing Splunk UBA in enterprise environments, with expertise in behavioral analytics, advanced threat detection, and insider threat programs. As a TZT consultant, you will benefit from a collaborative community, comprehensive knowledge base, and technical support. We encourage growth through information sharing and workshops, and we provide access to internal Slack channels and necessary tools for professional development.

Responsibilities

  • Design, deploy, and maintain Splunk UBA solutions for enterprise security initiatives.
  • Develop and tune behavior models for detecting insider threats, compromised credentials, and APTs.
  • Integrate Splunk UBA with Splunk Enterprise Security (ES) and other security tools.
  • Perform regular UBA model tuning and system optimization.
  • Develop and maintain documentation for UBA configuration, tuning, use cases, and response processes.
  • Collaborate with SOC, IR teams, and IT operations for efficient threat detection and mitigation.
  • Integrate z/OS log data and mainframe activity into Splunk for security monitoring and analysis.
  • Work with mainframe teams to understand z/OS security requirements.
  • Stay updated on behavioral analytics, insider threat detection, and Splunk UBA product updates.
  • Provide advanced troubleshooting and support for Splunk UBA.

Requirements

  • Splunk UBA Certification and/or Splunk Enterprise Security Certification.
  • 3+ years of hands-on experience with Splunk UBA in large-scale environments.
  • Strong understanding of behavioral analytics and insider threat detection methodologies.
  • Experience integrating and customizing Splunk UBA use cases and threat models.
  • Proficiency in Splunk Core, Splunk Enterprise Security (ES), SPL, and data onboarding best practices.
  • Familiarity with enterprise logging practices and SIEM integrations.
  • Experience with security frameworks such as MITRE ATT&CK, NIST CSF, and ISO 27001.
  • Scripting experience with Python, Bash, or PowerShell for automation.
  • Strong communication and documentation skills.

Preferred Qualifications

  • Experience with large-scale data ingestion and normalization across heterogeneous environments.

Company Information

True Zero Technologies is a veteran-owned small business committed to the purposeful enablement of people and technology. We believe that our people are the foundation of our success and have built a community of like-minded, driven, and passionate individuals. In 2023, True Zero was recognized as a “Best Places to Work” in two categories (“Prosperous and Thriving” and “Mid-Atlantic Region”), and in 2022 it was recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies. We encourage collaboration and growth through information sharing and knowledge workshops.

Skills

Splunk UBA
Behavioral analytics
Threat detection
Insider threat
Security operations
Advanced persistent threats
Deployment and configuration
Managing enterprise security solutions

True Zero Technologies

Cybersecurity services for IT environments

About True Zero Technologies

True Zero Technologies specializes in cybersecurity services and solutions, utilizing technologies such as Splunk, Tanium, and Cribl to provide actionable insights into IT environments for public and private sector organizations. The company's team delivers scalable solutions, shaping large operational and security programs.

Headquarters: 11325 Random Hills Rd #360, Fairfax, VA 22030, USA
Year Founded: 2016
Company Stage: VENTURE_UNKNOWN
Industries: Consulting
Employees: 11-50
