Splunk Architect in Alpharetta, GA at HUNTER Technical Resources

Date Posted: 1/30/2020

Job Description

The Splunk Architect will work with multiple Splunk installations located in the cloud and help lead an effort to mature our Security Information and Event Monitoring system. Data sources/logs are forwarded to a message streaming pipeline and delivered via this pipeline to Splunk. The main users of Splunk are the client's Security Operations Center (SOC). The SOC team will be the Splunk Architect's main customer, but the Splunk Architect will have to work with all technology teams to ensure that logs are properly delivered from both cloud environments and on-premise systems. The selected candidate will provide overall engineering and design support for a very large distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles. The Splunk Architect will support the full system engineering life-cycle, including requirements analysis, design, development, integration, test, documentation, and implementation following defined best practices and operational workflows.

The goal of the current project is to normalize Splunk operations and harden the solution engineering of the platform. A successful candidate will work well under pressure and provide industry-standard support and guidance as we grow our coverage using Splunk. This role will operate within a security squad and work closely with operations, engineering, development, and security analysts alike. The role will require interaction with many different teams, which will necessitate solid communication skills.

  • Partner with security, development and operations teams to facilitate log ingestion and analysis.
  • Participate in requirements gathering, prototyping, architecting, and triaging of operational issues.
  • Maintain, upgrade, advise on and cross-train team members on the operation of the Splunk platform.
  • Architect, design, support, and maintain Splunk infrastructure in a highly available and disaster recovery configuration.
  • Administer Splunk and the Splunk App for Enterprise Security (ES) log management.
  • Design core systems performance and troubleshoot logs.
  • Support Splunk on Unix, Linux and Windows-based platforms.
  • Solve complex integration challenges and debug complex configuration issues.
  • Technical writing/creation of formal documentation such as architecture diagrams, technical designs, and SOPs.
  • Administer access to Splunk content.
  • Implement Splunk apps provided by 3rd parties for ingestion into Splunk of data generated or collected by their tools (e.g. logs and alerts from antivirus, firewalls, etc.).
  • Handle the ingestion of data from non-syslog data sources (e.g. CSVs, JSON, etc.) for use in reporting, analysis, etc.
  • Define engineering work to stabilize and ensure the health of the Splunk system.

Required Qualifications
  • Knowledge of and experience designing Splunk installations in cloud computing platforms.
  • 3+ years of Splunk Architect experience.
  • Understanding of data structures and designing highly available systems.
  • Ability to design Splunk Enterprise architecture.
  • Strong Linux systems application and infrastructure knowledge.
  • Strong proficiency with regular expressions.
  • Strong Python and SQL (PowerShell a plus).
  • Analytical thinker; works well with abstract instruction and little supervision.
  • A clear understanding of storage fundamentals and understanding/measuring storage performance at scale.
  • 7+ years of IT industry-related experience.
  • Team player; works well in groups.
  • Excellent written and verbal communication.
  • BA/BS preferred in computer science, computer engineering or equivalent work experience.
  • Scripting and coding experience.
  • Splunk Architect certification.
  • Information Security related certification (Security+, CISSP, CISM, etc.).