Senior Splunk Engineer
W@tchTower ® is a modern SOC company powered by W@tchTower technology. We provide products, professional services, and MSSP services to empower our customers to have organized, automated, orchestrated and cost-effective security operations capabilities. Our company is a modern company that is employee and family focused. We provide an open, inclusive environment, opportunities for leadership and growth, as well as employee-driven flexible work hours/work weeks, and very rich employee benefits. W@tchTower ® employees have access to the most state-of-the-art detection and SOAR technology in the industry and connection to innovative and cutting-edge projects.
We are seeking strong technical candidates to join the W@tchTower team as a Senior Splunk Engineer. This role will be customer facing, supporting different projects across commercial and government. The ideal candidate must possess strong technical and soft skills with Security Information and Event Management (SIEM) technologies and event log collection. You will be involved in the planning, implementation and ongoing support of Splunk capabilities across different customers. This includes close coordination with both the clients and the W@tchTower SOC team, working on all aspects of the Splunk environment from data source onboarding and ingest, indexing and data models, to developing and tuning correlation searches, alerts, adaptive response actions, dashboards, and other content.
At W@tchTower ® we pride ourselves on being lifelong learners, dedicated to high technical standards. Whether it is internal sharing of technical skills, formal education, or training, we promote continuous learning for all W@tchTower ® employees. We are looking for individuals focused on team collaboration who are curious, out-of-the-box thinkers.
Requirement: Must be a U.S. Citizen and be able to pass a government or commercial background check.
Salary: Commensurate with experience
- 8+ years' experience deploying and operating large, enterprise-wide Splunk (both on-premises and cloud), including deep experience with Splunk Enterprise Security.
- 5+ years' experience leading deployment and operations.
- 3+ years' experience in Linux.
- 3+ years' experience with Python, PowerShell and other scripting languages.
- Knowledge of incident response handling process and procedures.
- Experience extending Splunk CIM data models and developing and maintaining data-model-enabled content (correlation searches, dashboards, etc.).
- Experience updating data source ingest to be CIM data model compliant.
- Experience working in cloud apps.
- Exposure and experience with 3rd-party tooling, including Microsoft E5 Security Suite (O365/Azure) and AWS.
- SIEM product experience, including ArcSight and QRadar.
- Understanding of network protocols.
- Certifications: Network+, Security+, CCNA Security, CISSP, GIAC, Linux+
- Bachelor's Degree in Computer Science or Information Systems or a related field or equivalent work experience.
Job Type: Full-time
Pay: $74,721.00 - $138,440.00 per year
- Bachelor's (Preferred)
- Splunk: 7 years (Preferred)
- Fully Remote
- Only full-time employees eligible
- Remote interview process
- Personal protective equipment provided or required
- Social distancing guidelines in place
- Virtual meetings