Salary
💰 $98,500 - $206,800 per year
Tech Stack
Cloud, Python, Splunk
About the role
- Development, customization, and maintenance of interactive dashboards, reports, and visualizations for Change Management, CIM compliance, and Enterprise Security.
- Creation, management, and tuning of alerts to notify stakeholders of critical events and security incidents.
- Design and management of knowledge objects, such as regex-based field extractions, event types, tags, and data models, to normalize data and improve search efficiency.
- Collaboration with Splunk Team members to ingest and normalize new data sources, ensuring compliance with the Common Information Model (CIM) and enterprise logging standards.
- Utilize Search Processing Language (SPL) to create complex queries, perform investigations, and provide deep data analysis for various use cases.
- Integration of various applications with Splunk, utilizing Splunk REST API to query endpoints.
- Build custom Technology Add-ons (TAs) to streamline data ingestion and improve overall Splunk system functionality.
- Attend Agile team ceremonies (daily stand-ups, Sprint Planning) and scheduled team calls.
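The field-extraction and CIM-normalization work described above, shown as an added example in plain Python. This is not code from the posting or the employer: it mimics what a Splunk props.conf/transforms.conf extraction and an eventtype lookup do, so it runs offline. The sample log lines, the regexes, and the `win:security` app label are constructed for the demo; the CIM Authentication field names (user, src, dest, action, app, signature) and the Windows 4624/4625 logon event codes are real.

```python
"""Regex field extraction plus CIM-style normalization over raw log lines.

Added example, not part of the job posting. The SAMPLE_EVENTS below are
constructed for this demo; the regexes stand in for Splunk EXTRACT-*/REGEX
settings and the action maps stand in for eventtype/lookup definitions.
"""
import re
from typing import Optional

# Constructed sample events: two sshd lines (Linux auth.log style) and one
# Windows-style logon line. Their exact shape is an assumption for the demo.
SAMPLE_EVENTS = [
    "Jan 12 10:03:41 bastion01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2",
    "Jan 12 10:03:55 bastion01 sshd[2231]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2",
    "2024-01-12T10:04:02Z host=web01 EventCode=4625 Account_Name=svc_backup Source_Network_Address=203.0.113.7 Logon_Type=3",
]

# Named groups carry the raw field names; normalize() maps them onto CIM
# Authentication data-model fields (user, src, dest, action, app, signature).
SSHD_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<dest>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+)"
)
WINLOGON_RE = re.compile(
    r"host=(?P<dest>\S+) EventCode=(?P<event_code>\d+) Account_Name=(?P<user>\S+) "
    r"Source_Network_Address=(?P<src>\S+)"
)

# Lookup-style maps from vendor outcome to the CIM 'action' field.
SSHD_ACTION = {"Failed": "failure", "Accepted": "success"}
WIN_ACTION = {"4624": "success", "4625": "failure"}  # Windows logon success / failure


def normalize(raw: str) -> Optional[dict]:
    """Return a CIM-aligned dict for one raw event, or None if no extraction matches."""
    m = SSHD_RE.search(raw)
    if m:
        return {
            "app": "sshd",
            "action": SSHD_ACTION[m["outcome"]],
            "user": m["user"],
            "src": m["src"],
            "dest": m["dest"],
            "src_port": int(m["src_port"]),
            "signature": f"{m['outcome']} {m['method']}",
        }
    m = WINLOGON_RE.search(raw)
    if m:
        return {
            "app": "win:security",  # assumed label for the demo
            "action": WIN_ACTION.get(m["event_code"], "unknown"),
            "user": m["user"],
            "src": m["src"],
            "dest": m["dest"],
            "signature": f"EventCode {m['event_code']}",
        }
    # Unparsed events are returned as None so a caller can count them as a
    # coverage gap instead of silently dropping them.
    return None


def failed_logons_by_src(events) -> dict:
    """Toy equivalent of `action=failure | stats count by src`.

    It works across sshd and Windows events only because both were
    normalized onto the same CIM field names first.
    """
    counts: dict = {}
    for e in events:
        n = normalize(e)
        if n and n["action"] == "failure":
            counts[n["src"]] = counts.get(n["src"], 0) + 1
    return counts


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(normalize(e))
    print(failed_logons_by_src(SAMPLE_EVENTS))
```

The point of the final function is the one that matters for CIM compliance: once both sources share `action` and `src`, a single correlation search (or an Enterprise Security data model search) covers both, and any event for which `normalize` returns None is visible as a parsing gap rather than a silently missing alert.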
Requirements
- Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
- Current Security+ certification.
- Ability to pass a T5 (Tier 5) background investigation.
- 3+ years of hands-on experience in Splunk administration and development in an enterprise-level environment.
- Expertise with Splunk Enterprise and strong knowledge of the Search Processing Language (SPL).
- Proven experience creating complex dashboards, reports, and alerts.
- Solid understanding of Splunk architecture, data ingestion, and optimization best practices.
- Strong experience with regular expressions for field extractions.
- Excellent written and verbal communication skills with the ability to document technical processes and requirements.
- Must openly communicate and share knowledge and solutions with team members.
- Strong attention to detail and accuracy.
- Ability to work independently and as part of a team.
- Problem-solving skills and a proactive approach to work.
- Attend daily stand-up (DSU) meetings, Sprint Planning, the weekly camera sync, and other scheduled team calls.
- Ability to travel up to 10%.
- Preferred: Splunk certification(s), such as Splunk Core Certified Advanced Power User or Splunk Enterprise Certified Admin.
- Preferred: Experience with Splunk Enterprise Security (ES) or IT Service Intelligence (ITSI).
- Preferred: Proficiency in scripting languages like Python for Splunk automation.
- Preferred: Familiarity with cloud environments and associated security best practices.
- Preferred: Familiarity with Agile processes