Job Category: Technology
Job Type: Full Time
Employment Force is currently assisting a client for a Splunk Administrator position.
Responsibilities:
As the Splunk Administrator, you will analyze the most complex threats and act as an escalation point for other security analysts, manage Splunk implementations for managed security services customers, and handle use case creation, dashboards, tuning, and log source configuration.
- Be responsible for advanced security event detection and threat analysis for complex and/or escalated security events.
- Provide log/network/malware/device analysis and make recommendations for remediating security vulnerability conditions.
- Validate log sources and indexed data, search through indexed data to optimize search criteria.
- Add customer context, eliminate noise and false positives, and develop trends and data models.
- Distill customer intelligence feeds into use cases, trends and data models.
- Create custom alert schemas, reports and custom dashboards.
Requirements:
- 6+ years' experience in the management of information systems, including at least 4 years of formal experience in information security
- 2+ years of Splunk Enterprise/Splunk Cloud experience
- Splunk-specific technologies and concepts, such as Splunk Enterprise/Cloud data onboarding principles
- Understanding of Splunk components, including but not limited to: Splunk Search Processing Language (SPL), Enterprise Security, HTTP Event Collector (HEC), Inputs Data Manager (IDM), Deployment Servers, Universal Forwarders (UF), and Heavy Forwarders (HF)
- BS in Computer Information Systems, Computer Science, Information Systems Management, or equivalent professional experience
Education:
- Minimum of a Bachelor’s degree
Work location:
Remote
Equal Opportunity Employer/Veterans/Disabled