Splunk Senior Architect/Developer (Remote)

BlueVoyant is seeking an experienced Splunk Architect/Developer to work with some of the top minds in cybersecurity and be at the forefront of driving a successful partnership with Splunk as BlueVoyant implements the latest in Splunk Cloud capabilities. For this role you need to have the ability to deploy large-scale clusters of Splunk Core and supporting apps (e.g., Enterprise Security (ES), ITops, etc.), and have an understanding of how Splunk and the supporting apps, most notably ES, interact with one another at a fundamental level.

This job can be performed remotely.

Splunk Architects/Developers should have at least 2 years of experience with ES, and have either an active Splunk Certified Architecture cert or the Splunk Certified Developer certificate. In some cases, Splunk Architects/Developers may show sufficient expertise without either of these certs.

Architects/Developers must demonstrate full knowledge and ability to build, scale and troubleshoot all facets of Splunk Cloud and ES, from data ingest, data normalization (e.g. off-the-shelf TAs and alternative technologies such as home-grown TAs or Cribl), search/query design and run (and the differences between Federated Search and standard peering or Hybrid model), application component utilization, component resourcing (e.g. underlying infrastructure requirements), and inter-component communications and tradeoffs (e.g. DNS vs IP tables, usage of SSL, etc.) to underlying platform requirements.

Architects/Developers must successfully work with Platform and Core engineers to ensure integration of Splunk within the broader platform, including articulating requirements for Splunk on the Platform/Application side and implementing requirements on the Splunk side.

Role Success Criteria:

●    Deep experience working with Splunk and APIs, CI/CD pipeline automation and integration with Splunk and other cloud-native technology API endpoints using Python, Ansible, Salt, Chef, and other tools.
●    Deep Splunk Enterprise Security knowledge and experience, including “under the hood” knowledge.
●    Exceptional understanding of and proficiency in data handling/data ingest via a variety of methods (TAs, Cribl, use of Regex, etc.). “Getting Data In” expertise: Inputs Data Manager API, or DSP/SPS knowledge.
●    Ability to articulate tradeoffs between traditional on-prem and cloud-based Splunk deployments
●    Analyze and articulate risks, tradeoffs and debt associated with Splunk and ES configurations and component implementations.
●    Successfully communicate and coordinate delivery of ES / TAs / automation solutions with other team members such as Platform and Core Application Engineering
●    Experience working with multi-tenant environments or MSSPs is a plus.
●    Ability to provide hands-on assistance with implementation, troubleshooting, maintenance and scale for all facets of the platform including (but not limited to):
○    API automation and integration with Splunk Cloud and ES
○    Python/JavaScript – experience with REST and APIs
○    Integration with ServiceNow, Phantom, and other similar platforms
○    Data Ingest/Normalization, ideally experience with Cribl
○    Queries (saved and ad hoc)
○    Visualizations (e.g. Dashboards/Reports)
○    Infrastructure (e.g. AWS)

●    Client interaction and travel are NOT required for this role

Ideal candidates will:

●    Thrive in our small, fast-paced, product-driven environment.
●    Collaborate with teams from across the organization.
●    Execute on tight schedules and under pressure.
●    Present ideas in business-friendly and user-friendly language.
●    Engineer systems that are maintainable, flexible and scalable.
●    Follow a disciplined workflow driven by well-defined requirements.
●    Demonstrate ownership of tasks with escalation as needed.
●    Be a subject matter expert in how a set of technologies work together.
●    Relentlessly push for successful operational outcomes.

About BlueVoyant

At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics and technology, coupled with deep expertise, work as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!

Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies.

Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest and Latin America.

All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.