Seach

Splunk Enterprise Security Engineer(remote)

Splunk ES Engineer(remote)

This is a US based remote position.

BlueVoyant is seeking an experienced Splunk Engineer to work with some of the top minds in cybersecurity and be at the forefront of driving a successful partnership with Splunk as BlueVoyant implements the latest in Splunk Cloud capabilities. For this role you need to have experience with Enterprise Security(ES) and have an understanding of how Splunk, ES, and the supporting apps interact with one another at the search and configuration level.

A Splunk Engineer should have either an active Splunk Certified PowerUser cert or the Splunk Certified Developer certificate. In some cases, Splunk Engineers may show sufficient expertise without either of these certs.

Splunk Engineers must successfully work with Platform engineers to ensure integration of Splunk within the broader platform, including articulating requirements for Splunk on the Platform/Application side and implementing Requirements on the Splunk side.

Qualifications for the Role:

●    At least 2 years of experience creating custom dashboards, interacting with and helping to develop/implement APIs or other automation with Splunk Enterprise, experience with Splunk Cloud and APIs is not required but preferred.
●    Hands-on experience developing and supporting enterprise technology and network infrastructure in a hybrid-cloud environment, AWS and/or Azure preferred.
●    Strong Ansible, Terraform, Git, Chef, Puppet, and/or other automation technologies and their use with Splunk.
●    JS / XML and extensive dashboarding experience.
●    Experience with ES and data ingest, data normalization (e.g. off the shelf TAs and alternative technologies such as home grown TAs or Cribl), as well as search/query design and run(and the differences between Federated Search and standard peering or Hybrid model).
●    Strong understanding of the underlying search processes and components (lookups, modular inputs, standard inputs, relationships between varying configuration files, etc.)
●    Solid understanding of data flow, data formatting/normalization, and logging best practices.
●    Develop custom scripted Splunk inputs using Python, Bash, Perl, to collect unique customer data when native collection methods were lacking a plus.
●    Broad experience with Operation Centers like SOC, NOC, TOC, and/or MSS operations.
●    Strong understanding of networking protocols and network-level troubleshooting a plus.
●    Experience with Cribl, Logstash, Elastic, and other log/data management tools a plus.
●    Experience with Kafka is a plus.
●    Experience with Phantom and other SOAR solutions.
●    Splunk Certified PowerUser or Splunk Certified Developer certificate preferred.

What you will do as an Splunk Engineer:

●    Develop dashboards and ES content for client’s at scale.
●    Work with/assist in development of automation pipelines.
●    Keep up with latest technologies from Splunk(Federated Search, ACS, SPS, etc) and propose solutions around them.
●    Engineer and deploy custom log collection solutions.
●    Coordinate with product management, client delivery teams, and corporate management to execute aggressive, but realistic, projects.
●    Stay current on security products, log management, and data parsing technologies, advise on products as needed.

About BlueVoyant

At BlueVoyant, we recognize that effective cybersecurity requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!

Led by CEO Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry-leading analytics and technologies.

Founded in 2017 by Fortune 500 executives, including Executive Chairman Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America.

All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.