Splunk Engineer
Position Overview
True Zero Technologies is seeking a skilled Splunk Engineer to join our team. The successful candidate will be responsible for maintaining various client Splunk instances, with a strong focus on data onboarding, content development, reporting, and visualizations. This role requires prior Splunk engineering and administration experience, relevant certifications, and the ability to work effectively in a team environment. Experience supporting federal customers is a plus.
Company Information
True Zero Technologies is a veteran-owned small business founded on the principle of enabling people and technology to achieve quality outcomes. We foster a community of driven and passionate individuals dedicated to delivering top-tier services. True Zero has been recognized as a "Best Places to Work" in 2023 and was named one of Inc. Magazine’s Top 5000 Fastest Growing Companies in 2022. As a TZT consultant, you will have access to a comprehensive knowledge base, technical backing from our PS team, and opportunities for collaboration and growth through information sharing, knowledge workshops, and an internal Slack channel.
Requirements
- US Background Check Required
- Heavy experience with Risk-Based Alerting (RBA) and its application for optimal efficiency.
- Accredited Enterprise Security Administrator in Splunk.
- Splunk Core Certified Consultant.
- Heavy Splunk ES experience in a professional environment.
- Experience ingesting logs into Splunk via Cribl is required.
- 3-5 years of hands-on professional experience is highly preferred.
- Understanding of network protocols, operating systems, applications, and device event telemetry.
Responsibilities
- Develop and implement actionable alerts and workflows for Splunk as a SIEM tool.
- Develop and implement Apps and Knowledge Objects (KO) such as Dashboards, Reports, and Data Models.
- Collaborate with Splunk Architects/Admins to promote private KOs to Global KOs.
- Assist, train, and/or host workshops for CISO teams and analysts on searching and content development.
- Develop and implement automation to improve the efficiency of CISO workflows using Splunk.
- Assist in the development of advanced security use cases in Splunk.
- Develop risk rules and risk incident rules to correlate and alert on significant cyber events.
- Develop custom dashboards specific to RBA to highlight risk detail, health analysis, and risk suppression.
- Configure incident response and remediation workflows for ES around notable events.
- Develop custom machine learning (ML) models to support anomaly-detection-based alerting.
- Work with numerous stakeholders to implement and maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.
Employment Type
Compensation & Benefits
- Competitive salary, paid twice per month.
- Best-in-class medical coverage with 100% of medical premiums covered by True Zero.
- Company-wide new business incentive programs.
- Contribution Incentives (e.g., white papers, blog posts, internal webinars).
- 3 weeks of PTO to start, plus 11 paid holidays annually.
- 401k Program.
Location Type
- Information not provided.
Application Instructions
- Information not provided.