Splunk Engineer

Phia

πŸ“Remote - United States

Job highlights

Summary

Join phia as a remote Splunk Engineer and contribute your expertise to protecting large enterprises from cyber threats. This role involves tuning and configuring Splunk services, developing alerts and workflows, creating dashboards and reports, and collaborating with stakeholders. You will implement automation, build security use cases, and develop custom machine learning models. The position requires 5+ years of experience in information security and proven Splunk deployment experience. U.S. Citizenship and the ability to obtain Public Trust clearance are mandatory.

Requirements

  • 5+ years of experience in information security operations and/or related IT operational functions
  • Experience supporting operational Splunk deployments (e.g. installation & maintenance, data ingestion, creation/configuration/tuning of dashboards/rules/workflows/reports/etc.)
  • Proven ability to provide high-quality written technical reports and effective stakeholder communication
  • Excellent organizational skills
  • U.S. Citizenship required
  • Ability to obtain Public Trust (or higher) government clearance

Responsibilities

  • Tune and configure Splunk Core and Splunk Enterprise Security (ES) services
  • Develop and implement actionable alerts and workflows for Splunk as a SIEM tool
  • Create and manage Apps & Knowledge Objects (KO) including dashboards, reports, and data models
  • Collaborate with Splunk Architect/Admin to promote private KO to Global KO
  • Implement automation to improve CISO workflow efficiency using Splunk
  • Work with CISO end users to build content and develop advanced security use cases
  • Develop risk rules and risk incident rules for correlating and alerting significant cyber events
  • Create custom dashboards for Risk-Based Alerting (RBA) highlighting risk details, health analysis, and risk suppression
  • Configure incident response and remediation workflows for ES notable events
  • Develop custom machine learning models for anomaly-detection based alerting augmentation
  • Participate in requirements gathering, solution architecting, and design of technology solutions for Continuous Monitoring Program
  • Conduct workshops and training sessions for CISO teams on Splunk engineering, searching, and content development
  • Assist CISO Splunk Engineering team with Data Lifecycle Support
  • Work with various stakeholders to implement and maintain event logging across multiple systems and platforms
  • Support off-hours and weekend efforts for incident investigations and systems maintenance

Preferred Qualifications

  • Bachelor's degree in Computer Science, Information Technology or Information Security or other relevant disciplines
  • Proximity to customer locations in the DMV (DC, MD, or VA) Metro area or Raleigh/Durham, NC is ideal
  • Splunk Core Certified Power User
  • Splunk Core Certified Advanced Power User
  • Splunk Enterprise Certified Admin
  • Splunk Cloud Certified Admin
  • Other Splunk or SIEM certifications

Benefits

  • Comprehensive medical insurance to include dental and vision
  • Short Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)
