Splunk Engineer in Alpharetta, GA at HUNTER Technical Resources

Date Posted: 1/30/2020

Job Description

The Sr. Splunk Engineer will work with multiple Splunk installations located in the cloud. Data sources and logs are forwarded to a message streaming pipeline, which delivers them to Splunk. The main users of Splunk are the client's Security Operations Center (SOC). The SOC team will be the Splunk Engineer's main customer, but the engineer will have to work with all technology teams to ensure that logs are properly delivered from both cloud environments and on-premise systems.

The selected candidate will provide overall engineering and design support for a very large distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles. The Splunk Engineer will support the full system engineering lifecycle, including requirements analysis, design, development, integration, test, documentation, and implementation, following defined best practices and operational workflows. The goal of the current project is to normalize Splunk operations and harden the solution engineering of the platform.

  • Data source onboarding, content development, and access administration
  • Onboard new log/data sources and ensure the data is parsed so that SOC analysts can use it for its intended purpose
  • Ensure SOC analysts are aware of new data sources and know how to access them
  • Gather requirements for new Splunk content (reports, dashboards, etc.) from SOC analysts
  • Architect, design, support, and maintain Splunk infrastructure in a highly available, disaster-recovery-ready configuration
  • Administer Splunk and the Splunk Enterprise Security (ES) app for log management
  • Troubleshoot Splunk server and forwarder (agent) issues
  • Assist internal Splunk users in designing and maintaining production-quality dashboards
  • Mentor users and other groups on their use of Splunk
  • Design core system performance and troubleshooting logging
  • Support Splunk on Unix, Linux, and Windows-based platforms
  • Perform data mining and analysis using various queries and reporting methods
  • Solve complex integration challenges and debug complex configuration issues
  • Produce formal technical documentation such as architecture diagrams, technical designs, and SOPs
  • Develop content for consumption by SOC analysts
  • Administer access to Splunk content
  • Implement third-party Splunk apps to ingest data generated or collected by their tools (e.g. logs and alerts from antivirus, firewalls, etc.)
  • Handle the ingestion of data from non-syslog data sources (e.g. CSV, JSON, etc.) for use in reporting, analysis, etc.
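As an illustration of the non-syslog onboarding work listed above, here is an added example (not part of the posting, and not the client's configuration) of the Splunk inputs.conf and props.conf stanzas that onboard a newline-delimited JSON alert feed and a CSV scanner export so the fields land where SOC searches and ES correlation searches expect them. The file paths, sourcetype names, index name, and vendor field names (timestamp, src_ip, host_name, verdict, scan_time) are assumptions:

```ini
# inputs.conf on the forwarder that reads the files.
# Monitors a newline-delimited JSON alert feed and a CSV scan export
# (assumed paths and sourcetypes).
[monitor:///var/log/edr/alerts.json]
sourcetype = edr:alerts
index = security
disabled = 0

[monitor:///var/log/scanner/results.csv]
sourcetype = vuln:scan:csv
index = security
disabled = 0

# props.conf stanza for the JSON feed.
# Line breaking and timestamp settings take effect on the first full
# Splunk instance the data passes through (heavy forwarder or indexer);
# KV_MODE, FIELDALIAS and EVAL are search-time and must also be present
# on the search heads the SOC uses.
[edr:alerts]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TRUNCATE = 100000
# Take _time from the event's own "timestamp" key instead of index time
# (assumed field name and ISO 8601 format with numeric zone offset).
TIME_PREFIX = "timestamp":\s*"
TIME_FORMAT = %Y-%m-%dT%H:%M:%S%z
MAX_TIMESTAMP_LOOKAHEAD = 40
# Extract JSON keys as search-time fields.
KV_MODE = json
# Alias vendor field names onto CIM names so ES data models pick them up
# (assumed vendor field names).
FIELDALIAS-cim_src = src_ip AS src
FIELDALIAS-cim_dest = host_name AS dest
EVAL-action = if(verdict=="blocked", "blocked", "allowed")

# props.conf stanza for the CSV export.
# INDEXED_EXTRACTIONS is applied by the forwarder that monitors the file,
# so this stanza must be deployed to that forwarder, not only the indexers.
[vuln:scan:csv]
INDEXED_EXTRACTIONS = csv
FIELD_DELIMITER = ,
HEADER_FIELD_LINE_NUMBER = 1
# Assumed header column holding the scan time, in "YYYY-MM-DD HH:MM:SS".
TIMESTAMP_FIELDS = scan_time
TIME_FORMAT = %Y-%m-%d %H:%M:%S
SHOULD_LINEMERGE = false
```

After deploying, verify with a search such as `index=security sourcetype=edr:alerts | head 5` that `_time` matches the event's own timestamp and that `src`, `dest`, and `action` are populated; a wrong `TIME_PREFIX` or `TIME_FORMAT` silently falls back to index time, which shows up as warnings from the DateParserVerbose component in `index=_internal source=*splunkd.log*`. The same placement rule is the usual onboarding mistake: index-time settings on the search head, or search-time settings only on the indexers, produce data the SOC cannot use as intended.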

Required Qualifications
  • Senior Splunk developer with 2+ years of log onboarding and content development experience
  • Splunk capacity planning and architecture skills
  • Experience developing Splunk applications
  • Must have excellent written and oral communication skills
  • College degree or equivalent experience
  • Experience with Splunk deployments in AWS/GCP

  • Experience developing analytics for event correlation to improve detection of malicious activity (e.g. insider threat behavior, advanced persistent threat activity)
  • 4+ years of experience in a senior Splunk role
  • 3+ years of experience with Linux and SQL/ODBC interfaces
  • 2+ years of experience in application interface development using REST APIs