Certified Splunk UBA Engineer

True Zero Technologies
Summary
Join True Zero Technologies, a veteran-owned small business, as a Certified Splunk User Behavior Analytics (UBA) Engineer. You will design, deploy, and maintain Splunk UBA solutions, develop behavior models for threat detection, and integrate Splunk UBA with other security tools. Responsibilities include model tuning, documentation, collaboration with SOC and IR teams, and integrating z/OS log data. You will need Splunk UBA and/or Splunk Enterprise Security certifications, 3+ years of hands-on experience with Splunk UBA, and a strong understanding of behavioral analytics. Preferred qualifications include experience with large-scale data ingestion, IBM z/OS systems, and Machine Learning Toolkit in Splunk. True Zero offers competitive benefits, including comprehensive medical coverage, paid time off, a 401k program, and investment in training and certifications.
Requirements
- Splunk UBA Certification and/or Splunk Enterprise Security Certification
- 3+ years of hands-on experience with Splunk UBA in large-scale environments
- Strong understanding of behavioral analytics and insider threat detection methodologies
- Experience integrating and customizing Splunk UBA use cases and threat models
- Proficiency in Splunk Core, Splunk Enterprise Security (ES), SPL (Search Processing Language), and data onboarding best practices
- Familiarity with enterprise logging practices and SIEM integrations
- Experience with security frameworks such as MITRE ATT&CK, NIST CSF, and ISO 27001
- Scripting experience with Python, Bash, or PowerShell for automation and data manipulation tasks
- Strong communication and documentation skills
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field; or equivalent work experience
Responsibilities
- Design, deploy, and maintain Splunk UBA solutions to support enterprise-wide security initiatives
- Develop and tune behavior models to enhance detection capabilities for insider threats, compromised credentials, and advanced persistent threats (APTs)
- Integrate Splunk UBA with Splunk Enterprise Security (ES) and other security tools to create comprehensive threat detection frameworks
- Perform regular UBA model tuning and system optimization to ensure peak performance and accurate alerting
- Develop and maintain documentation on UBA configuration, tuning methodologies, detection use cases, and response processes
- Collaborate with the Security Operations Center (SOC), Incident Response (IR) teams, and IT operations to build efficient threat detection and mitigation workflows
- Integrate z/OS log data and mainframe activity into Splunk for centralized security monitoring and behavior analysis
- Work closely with mainframe teams to understand z/OS-specific security requirements and ensure appropriate visibility and correlation
- Stay updated on the latest developments in behavioral analytics, insider threat detection, and Splunk UBA product updates
- Provide advanced troubleshooting and support for Splunk UBA and assist with the resolution of complex incidents
Preferred Qualifications
- Experience with large-scale data ingestion and normalization across heterogeneous environments
- Working knowledge of IBM z/OS systems including SMF (System Management Facility) records, RACF (Resource Access Control Facility) logs, and integration of mainframe security data into SIEM platforms
- Familiarity with Machine Learning Toolkit (MLTK) in Splunk for custom analytic models
- Exposure to other behavioral analytics platforms or insider threat management tools
- Basic knowledge of mainframe security tools such as ACF2, Top Secret, or similar
- Familiarity with integrating cloud data sources (AWS, Azure, GCP) into Splunk and UBA
- Hands-on experience with threat hunting and proactive detection strategies
- Experience with regulatory compliance requirements such as PCI DSS, HIPAA, SOX, etc.
- Splunk Professional certifications (Splunk Core Certified Power User, Splunk Enterprise Certified Admin) are a plus
Benefits
- Competitive salary, paid twice per month
- Best-in-class medical coverage
- 100% of medical premiums covered by True Zero
- Company-wide new business incentive programs
- Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)
- 3 weeks of PTO to start, plus 11 paid holidays annually
- 401k Program with 100% company match on the first 4%
- Monthly reimbursement of cell phone and home internet costs
- Paternity/Maternity Leave
- Investment in training and certifications to broaden and deepen your technical skills