Job Description

Primary responsibilities for administration and development & integration support for Splunk Cloud. Develops, recommends, implements, and manages the technical architecture (hardware, software, database, and communications) which will be used for all or specific applications in a large, distributed cross-platform environment. Responsibilities also include the identification of relevant information and the determination of the environment, which will be used for development.

In this role the Senior Splunk Security Specialist will:

• Provide engineering and operational support for the Splunk Cloud Security Incident and Event Management (SIEM) platform. This includes assisting with the implementation and support of SPLUNK Cloud across multiple environments and varying OS types.
• Provide integration support and development effort on design related changes or introduction of new business requirements to Splunk Cloud.
• Support ongoing work efforts to develop and administer Splunk Cloud can continue as new requirements, functionality or integration is required to enable our modern enterprise security monitoring program and target state operating model within the current project timelines.

General Skills:

• Leadership experience in the development and implementation of technical security architectures at the specified experience level
• Extensive experience with at least two cloud service providers (i.e. AWS, Azure, GCP) , enterprise security services, Identity and database technologies, and network access protocols
• Experience in structured methodologies for the design, development and implementation of cloud applications
• Extensive experience in systems analysis and design in large secure solution environments
• Knowledge and experience designing processes around ITIL and is able to guide others using this methodology
• Experience translating business requirements into solution needs
• Experience preparing conceptual, logical and/or physical processes and data models
• Experience developing, recommending, implementing and managing technical security architecture
• Awareness of emerging technologies, trends and directions
• Excellent analytical, problem-solving and decision-making skills; verbal and written communication skills; interpersonal and negotiation skills
• A team player with a track record for meeting deadlines
• Knowledge and understanding of Information Management security principles, concepts, policies and practices

SkillsExperience and Skill Set Requirements

Experience and Skill Set Requirements

Advanced knowledge and experience with Security Information & Event Management technology: (45%)

SIEM:

• SPLUNK Cloud (Must)
• Azure Sentinel

Cloud Infrastructure:

• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)

Agile Project Delivery (15%)

Experience working on agile project delivery teams. Working experience with:

• Backlog
• User stories
• Scrum
• Sprints

Security Operations Experience (35%)

• SIEM use case development, rationalization and configuration.
• SIEM dashboard creation
• Security operational process development and documentation (playbooks/runbooks)
• MITRE Framework

Previous Public Sector Experience (5%)

• Previous public sector work experience is considered a positive

Must Haves:

SIEM knowledge with Azure Sentinel and/or Splunk Cloud

Experience with SIEM dashboard creation and MITRE Framework

Operational experience - use case development and configuration.