Splunk Engineer Engineering - Plano, TX at Geebo

Splunk Engineer

Overview Details:
-Onboard applications into Splunk for SIEM.
-Create a data input in Splunk: once the logs are being forwarded to the Splunk platform, create a data input to define the source and format of the log data.
-Discover the application's logging capabilities & requirements from stakeholders regarding data logs, data types, formats, and use cases.
-Analyze data sources to determine the best method for ingesting data into Splunk, such as using Splunk forwarders, indexes, API integration, or custom scripts.
-Implement and configure Splunk apps, add-ons, or plugins specific to the application being onboarded.
-Configure the agent or log file collector to collect the logs from the application and forward them to the Splunk platform.
-Develop parsing rules to extract the relevant data from the logs and create fields in Splunk to store that data.
-Map fields to CIM (Common Information Model) fields.
-Test data ingestion pipelines and search performance in a Dev environment, prior to rolling into production.
-Document onboarding process, including search queries, dashboard creation, and alert types.
Key Responsibilities:
-Install & Configure Splunk forwarders and other integrators.
-Develop and maintain Splunk infrastructure, including indexers, search heads, forwarders, and deployment servers.
-Design and implement Splunk apps, dashboards, and reports to support security and compliance monitoring.
-Collaborate with the security operations team to identify and integrate new data sources into Splunk.
-Configure and maintain Splunk alerts and notifications to support incident response.
-Onboard applications onto Splunk by working with application owners and stakeholders to understand the data generated by the application, configuring data inputs and parsing rules, and testing the data to ensure that it is properly ingested and indexed in Splunk.
-Troubleshoot and resolve Splunk-related issues and work with vendors to resolve issues that cannot be resolved in-house.
-Stay up to date with the latest Splunk features and capabilities and make recommendations for new solutions or enhancements to existing solutions.
-Participate in on-call rotation for after-hours support.
Required Skills:
-Bachelor's degree in computer science, information systems, or a related field (Preferred).
-6-10 years of experience as a Splunk Engineer.
-Strong understanding of Splunk architecture, including indexers, search heads, forwarders, and deployment servers.
-Demonstrated experience designing and implementing Splunk apps, dashboards, and reports.
-Experience with Splunk Enterprise Security, Splunk ITSI, and Splunk Cloud.
-Experience with scripting languages such as Python, Bash, or PowerShell.
-Strong analytical and problem-solving skills.
-Excellent written and verbal communication skills.
Good to have:
-Splunk Certified Architect or other Splunk certifications.
-Experience working in a security operations center (SOC).
-Experience with networking and security technologies such as firewalls, intrusion detection systems, and security information and event management (SIEM) solutions.
-Experience with cloud computing platforms such as AWS, Azure, or GCP.
Recommended Skills: API, Amazon Web Services, Analytical, Architecture, Bash (Scripting Language), Communication
Estimated Salary: $20 to $28 per hour based on qualifications.
