True Zero Technologies, LLC

Splunk Engineer – Core Certified Consultant, ES Accreditation Required

Location Type: Remote

Location: United States

About the role

  • Implement RBA: Develop and implement RBA strategies within Splunk ES to reduce alert noise and focus on high-fidelity alerts.
  • Develop RBA components: Build and implement actionable alerts, workflow actions, risk incident rules, and risk scores.
  • Create dashboards and reports: Design custom dashboards to visualize risk scores and provide context for analysts.
  • Correlate data: Use Splunk's capabilities to correlate disparate events to identify patterns of risky behavior.
  • Build custom solutions: Develop custom machine learning (ML) models to augment alerting and create automated workflows to improve efficiency.
  • Content Development: Develop advanced security content, including dashboards, reports, and alerts, to highlight risk details, health analysis, and risk suppression specific to RBA environments.
  • Data: Collaborate with application and system owners to onboard new data sources (e.g., from Windows, Linux, cloud services like AWS/Azure) and ensure proper parsing and enrichment for effective analysis within RBA.
  • Correlate various data sources, such as logs from operating systems, applications, and cloud providers, into Splunk to feed RBA models.

Requirements

  • Core Certified Consultant is a requirement
  • Technical Expertise: Deep technical expertise in Splunk administration, architecture, and Search Processing Language (SPL).
  • Security Knowledge: Strong understanding of security operations, threat detection, incident response, and security frameworks (e.g., NIST RMF).
  • Relevant Splunk certifications are preferred, such as:
      • Splunk Core Certified Power User
      • Splunk Enterprise Certified Admin
      • Splunk Enterprise Certified Architect
      • Splunk ES
  • Scripting: Proficiency in scripting languages like Python, PowerShell, or Bash for automation and data analysis.
  • Willingness to collaborate within an agile environment

Benefits

  • Competitive salary, paid twice per month
  • Best in class medical coverage
  • 100% of medical premiums covered by True Zero
  • Company wide new business incentive programs
  • Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)
  • 3 weeks of PTO starting + 11 Paid Holidays Annually
  • 401k Program with 100% company match on the first 4%
  • Monthly reimbursement of Cell Phone and Home Internet costs
  • Paternity/Maternity Leave
  • Investment in training and certifications to broaden and deepen your technical skills

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools: RBA strategies, Splunk ES, Search Processing Language (SPL), machine learning (ML), scripting languages, Python, PowerShell, Bash, data correlation, dashboard design

Soft Skills: collaboration, agile environment

Certifications: Core Certified Consultant, Splunk Core Certified Power User, Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect