Sr. Security Platform Engineer - Splunk
As a Sr. Security Platform Engineer, you will play a key technical role in our Security Analytics Platform team within the CIS engineering organization. You will serve as a technical expert for the product engineering and service support for critical enterprise security technologies of the firm's Information Security Services. The role primarily entails hands on technical product design and deployment specifically for building and managing SIEM platforms like Splunk Enterprise, Splunk User Behavior Analytics, Splunk Phantom, Splunk Enterprise Security and ArcSight. You will also be a mentor to junior staff members both on-shore and off-shore to develop their skills in SIEM platforms. Responsibilities will include:
- Engineer, implement and administer SIEM platforms ArcSight, Splunk Enterprise, Splunk Enterprise Security, Splunk UBA and Splunk Phantom in public cloud and on-premise datacenters
- Analyze, design, build & support Splunk Multi-Cluster Architecture. Maintain existing ArcSight infrastructure
- Incident & Problem Management, Change & Release Management, Vendor Management, Capacity Management functions for these applications
- Oversee production support of the platforms by the service provider who will provide 24X7 monitoring and maintenance of the platforms.
- Proficiency developing log ingestion and aggregation strategies
- On-board new data sources into Splunk, analyze the data for anomalies and trends and build dashboards highlighting the key trends of the data.
- product architecture, engineering and roadmap & Infrastructure Services for platforms supported by Security Analytics team
- Perform integration activities to connect with 3rd party software.
- Assist the content engineering team in developing security-focused content for Splunk, including creation of complex threat detection logic and operational dashboards
- Control the stages of MSS architecture lifecycle, including service tooling improvements, requirements execution, architecture improvements, design, implementation, testing, documentation, and support.
- Communicate requirements and risks to stakeholders such as Product, Engineering, and Security leadership.
- Work with cross-functional teams to proactively improve on existing integration automation/workflows.
- Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and MSS best practices.
- Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.
- Splunk certifications such as Splunk Certified Developer, Enterprise Security Implementation, Splunk Enterprise Certified Consultant, and/or Splunk Enterprise Certified Architect
- Extensive experience implementing, architecting and administering Splunk Enterprise Security, Splunk UBA and Splunk Phantom
- Azure/AWS knowledge required with experience preferred in managing Splunk implementation in AWS
- Must have hands on experience on Splunk Enterprise Environment setup and troubleshooting skills
- Must have knowledge on setting up new data feeds into Splunk
- Must be able to Maintain, Manage and Monitor Splunk Infrastructure (Identify bad searches, dashboards and manage overall health of Splunk)
- Experience in clustering and load balance Environments setup
- Experience writing Splunk queries in Splunk Programming Language (SPL). Thorough understanding of Splunk processing language, optimization principles, APIs, and SDK.
- Experience with platforms such as Ansible, Puppet and Chef
- Experience with other Information Security solutions including DLP, ZScaler, Palo Alto, Symantec solutions, McAfee, Active directory
- Independent, self-motivated, proactive approach to problem solving and prevention.
- Excellent written and verbal communication skills.
- Passion for cybersecurity space.
- Broad experience with SOC, NOC and/or MSS operations.
The candidate shall have Degree in Computer Science, Engineering, Information Technology, Cybersecurity or related field and a minimum of 10+ years of experience in Security engineering , system administration, database administration,
network engineering, software engineering, or software development, with a concentration in Cybersecurity.
- 10+ years of IT engineering experience in building and managing infrastructure and security platforms
- 5+ years of professional engineering experience with the Splunk platform
- Minimum 1-2 full lifecycle implementation experience of Splunk Enterprise and Splunk Enterprise Security
- In-depth experience with Splunk's multiple deployment options - including on-premise distributed deployments and public cloud
- Expertise with data ingest, data normalization (Splunk delivered TAs, custom TAs), search/query design and execution.
- Experience with Splunk component utilization (e.g. Indexer loads and requirements, search head peering, etc), component resourcing (e.g. underlying server specs), inter-component communications and tradeoffs (e.g. DNS vs IP tables, usage of SSL, etc) and underlying platform requirements.
- Expert-level experience with SIEM technologies - implementation, tuning, troubleshooting Splunk and ArcSight
- Expertise in building, deploying, scaling, and troubleshooting the various facets of large scale Splunk clusters and supporting apps.
- 3+ years of DevOps Engineering experience
- 3-5 years of hands on experience with security monitoring tools such as IDP/IDS, FW and AV with a strong understanding of network protocols and network monitoring tools
- Hands-on experience supporting/developing enterprise technology and network infrastructure, including exposure to AWS or other public cloud infrastructure.
- Knowledge of scripting languages such as Python, Perl, bash, etc.
- Experience using Ansible and any flavor of Git.
- At least one of the following certifications: CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX