Splunk Enterprise Security Architect

Company: Telesis7
Location: Broomfield
Posted on: February 22, 2021

Job Description:

Splunk Enterprise Security Architect As a Splunk Enterprise Security Architect working on the Security Architecture and Engineering team, you will build security products to protect the world's largest companies, governments, and millions of homes from advanced security threats. Specifically you will architect, engineer and oversee the deployment, configuration and support of the Splunk Enterprise Security environment. THE MAIN RESPONSIBILITIES

• Architect, engineer, implement, administer, and maintain a complex and large Splunk Enterprise Security deployment in a distributed and clustered environment, in support of the Security Operation center activities - designed to meet compliance requirements and growth while maintaining balance between performance, stability, and agility.
• Assist with the automation, deployment, integration, and testing of enterprise systems and services and create and optimize Big Data correlations as a Splunk search language (SPL) expert.
• Monitor and support event feeds to ensure accurate event parsing, event filtering, event aggregation, and event transmission from various sources (workstations, servers, network equipment, ) using network communication protocols, standards and systems such as SYSLOG-NG, Rsyslog, CEF, SSH/TLS, Kafka etc.
• Manage Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts).
• Develop custom applications for handling a variety of data sources.
• Build meaningful dashboards to provide customers with insights into their data.
• Create and Maintain API and DBConnect based integrations to asset and inventory systems for contextual data gathering and augmentation, as well as provide additional services to the customer, e.g. trouble ticket submission.
• Ensure the deployments meet requirements with respect to functionality, performance, scalability, and reliability while complying with company security standards and principles.
• Create and analyze utilization statistics to identify causes for system and application degradations as well as recommend required system enhancements for business case and budget approval.
• Guide routine compliance and audit functions to ensure monitoring requirements of assets are satisfied.
• Develop, modify and follow associated security operation center processes applicable to the role (e.g. change and outage management).
• Work collaboratively with diverse end users and a geographically distributed team, and engage in direct communication with Director and VP level leadership.
• Lead architectural approval and security certification processes as needed.
• Generate high quality technical documentation and configurations to support architecture and solution designs, handoffs and user training. THE MAIN QUALIFICATIONS
  • Minimum of 8+ years of experience in a technical role, including 4+ years of relevant Splunk Enterprise, Enterprise Security administration, Splunk SIEM infrastructure configuration, and support experience.
  • Certifications for Splunk Enterprise Certified Architect and Splunk Enterprise Security Certified Admin.
  • Experience deploying and managing the Splunk event feed, indexing, processing and analytics infrastructure.
  • Experience working in a large enterprise or service provider environment.
  • Knowledge of enterprise logging, including application, OS, and security technology logging.
  • Experience with Ansible Tower, playbooks and general systems and/or configuration administration through use of Ansible automation, plus experience supporting and administering CentOS7, RHEL 7, etc.
  • Excellent understanding of common computing platforms, including: Windows, RedHat & Ubuntu Linux Servers; must be very comfortable administering servers from the command line and working with configuration files.
  • 3+ years development experience with scripting languages (Python Preferred).
  • Development of custom tools and programs based on specified requirements.
  • Strong networking experience to aid event collection and troubleshooting.
  • Experience in analyzing general system processing throughput, utilization, and capacity.
  • Experience in architecting the service provider-grade security infrastructure with specific focus on Data Analytics, Event Log management, threat detection/prevention and asset intelligence systems.
    • Ability to design, architect and implement Splunk solutions in support of cybersecurity and operations analysts and data scientists.
    • Working experience in security architecture design, preferably with:
      • Access control and firewalls/UTM devices including Web Application Firewall (WAF)
      • Web Content Filtering, Intrusion Detection and Prevention (IDS/IPS) systems
      • Remote Network Access (IPsec VPN, SSL)
      • Anti-Virus and Anti-Spam (AV/AS)
      • Email and Messaging Security
      • Distributed Denial of Service Architecture (DDoS), Flow and Application Monitoring
      • Understanding of Integrated network architectures, cloud technologies
      • Customers may exist within the government (Federal, state, or local) and may require a US Government personnel security clearance
      • Prior experience filtering logs and feeds for required and useful data, in order to minimize the system/data needs is desirable.
      • Experience working with other big data analytics solutions (Elastic Stack, Palantir, HP ArcSight, etc.) is a plus
      • Undergraduate degree in Computer Science, Engineering, Information systems or related field preferred. Additional years of experience can be substituted in lieu of a degree.
      • Strong work ethic, demonstrated self-starter with a high degree of energy, enthusiasm and a can do attitude to achieve outstanding, timely, and quality results and operate at the highest levels of excellence and process efficiency.
      • Strong communication, presentation and teamwork skills and prior work in a collaborative environment while maintaining a positive open demeanor, encouraging different points of view. If you are a skilled and driven security expert, capable of working independently and as part of the team to complete tasks assigned by leadership, with excellent communications skills and experience in presenting technical issues to a wide variety of audiences then this is a great position for you! - provided by Dice

Keywords: Telesis7, Broomfield , Splunk Enterprise Security Architect, Professions , Broomfield, Colorado