Posted: 2 months ago
Work from Office
Full Time
About the Role:
We are seeking a highly skilled and experienced Splunk Security Engineer/Administrator to join our team. The ideal candidate will be responsible for the full lifecycle management of our on-premise Splunk SIEM solution, ensuring its optimal performance, security, and reliability. You will play a critical role in onboarding data from diverse sources, developing security use cases, creating insightful dashboards and reports, and troubleshooting complex issues.

Responsibilities:

Splunk SIEM Administration:
- Install, configure, and upgrade our on-premise Splunk SIEM environment.
- Perform routine maintenance, monitoring, and troubleshooting of the Splunk infrastructure.
- Manage Splunk configuration files to optimize performance and security.
- Administer and maintain Splunk Enterprise Security (ES).

Data Onboarding:
- Design and implement data onboarding strategies for various sources, including Windows and Linux systems, applications, and network devices.
- Troubleshoot log source errors and ensure data integrity.
- Manage and configure Splunk forwarders and agents.

Security Use Case Development:
- Develop and implement security use cases aligned with the MITRE ATT&CK framework.
- Create and maintain correlation searches, alerts, and reports.
- Design and implement custom dashboards to visualize security data and trends.

Splunk App and Add-on Management:
- Install, configure, and upgrade Splunk apps and add-ons.
- Develop and maintain custom Splunk apps as needed.

Linux System Administration:
- Administer and maintain the Linux operating systems that support the Splunk infrastructure.
- Perform system patching, security hardening, and performance tuning.

Splunk Search Processing Language (SPL) Proficiency:
- Develop complex SPL queries for data analysis, reporting, and alerting.
- Optimize SPL searches for performance.

Troubleshooting:
- Diagnose and resolve complex technical issues related to Splunk and its integrations.
- Troubleshoot log sources that are in an error state (Windows and Linux agents, app-based integrations, and similar).

Qualifications:
- Proven experience installing, configuring, and administering on-premise Splunk SIEM solutions.
- Strong understanding of data onboarding techniques and experience with a variety of data sources.
- Proficiency in managing Splunk configuration files.
- Experience with Linux system administration.
- Knowledge of security use case development and the MITRE ATT&CK framework.
- Experience creating Splunk dashboards and reports.
- Proficiency in Splunk Search Processing Language (SPL).
- Experience installing and upgrading Splunk apps and add-ons.
- Experience administering Splunk Enterprise Security (ES).
- Strong troubleshooting skills.

Preferred:
- Splunk Admin Certification.
Mindsprint
Chennai, Bengaluru
13.0 - 22.5 Lacs P.A.