Splunk Architect

Job Category: Technology
Job Type: Full Time

Employment Force is currently recruiting qualified candidates for a direct hire Splunk Architect job. As a Splunk Architect you will manage the team’s information system monitoring for threats and anomalies in the SOC’s cybersecurity ecosystem.

Responsibilities:

  • Lead the team’s monitoring of the SIEM for notable events and work with the customer to investigate and remediate events within 5 minutes
  • Lead the review of existing Splunk correlation searches, reports and dashboards for data accuracy and tune them as needed
  • Manage the gathering of requirements for monitoring assets using Splunk, develop reports and dashboards based on the requirements
  • Participate in the HRSA Splunk Center of Excellence and provide support to customers and stakeholders.
  • Investigate triggered signatures to identify threats and false positives
  • Perform Splunk upgrades, updates and patches

Requirements:

  • Manage all administration and architecture of a complex Splunk infrastructure made up of 50 servers, specifically in a multi-site distributed environment
  • Architect a path forward for the Splunk ES implementation at HRSA
  • Administer Splunk premium apps such as Enterprise Security and IT Service Intelligence.
  • Expert knowledge of how to integrate various tools with Splunk to support automation.
  • Expert knowledge of searches, correlation reports, and dashboards.
  • Lead the SOC analysts in tuning and tweaking Splunk Enterprise Security correlation searches, reports, dashboards, etc. for monitoring cyber intrusions, anomalies, and threats
  • Responsible for overseeing all data onboarding activities.
  • Responsible for overseeing all user onboarding activities.
  • Responsible for managing the monitoring and assessment of data accuracy in Splunk.
  • Perform Splunk App/add-on development.
  • Implement Splunk changes based on the HRSA’s Splunk Center of Excellence change management procedures.
  • Oversee the documenting of Splunk processes, procedures, and workflows.
  • Work closely with the Federal Splunk SME to perform other Splunk-related tasks.
  • Be responsible for leading the implementation of custom integrations and developments in Splunk.
  • Expert knowledge of Ansible, BitBucket, and other version/change control and automation tools to effectively administer the Splunk environment.
  • Have an expert understanding of Splunk Enterprise Security, and experience fully operationalizing Splunk Enterprise Security in SOCs, playing the role of lead Splunk architect
  • Expert knowledge of scripting languages is a MUST (Python, PowerShell, shell and batch scripting, JavaScript, etc.)
  • Expert knowledge of custom development in Splunk using the Splunk SDK.
  • Senior-level experience administering Linux OS is a MUST, Windows experience is a plus (System Administration)
  • The SME must hold a Splunk Architect certification

Education:

  • Minimum of a Bachelor’s degree
