Zotec Partners
US - Indiana - Carmel
**At Zotec Partners, our People make it happen.**
**Innovators, Collaborators and Doers.**
**Splunk Security Engineer**
**What you'll do:**
* Splunk Implementation and Maintenance
  * Administer and maintain our Splunk Enterprise environment and Splunk Cloud setup
  * Deploy, configure, and update Splunk Enterprise Security (ES) and IT Service Intelligence (ITSI)
  * Coordinate and configure new Splunk resources as needed
  * Configure and secure Splunk endpoints
  * Install, configure, and update various Splunk applications and add-ons from Splunkbase
  * Keep Splunk and Splunkbase apps up to date
  * Run periodic health checks on Splunk systems
  * Manage Splunk deployments to servers and workstations
  * Update user index permissions
* Dashboard and Search Development
  * Design, develop, optimize, and maintain Splunk dashboards, reports, and alerts
  * Create and refine search queries using SPL to improve detection capabilities
  * Develop custom visualization solutions to meet specific business requirements
  * Create reusable dashboard components to ensure consistency across the environment
  * Implement role-based access controls for dashboards and reports
  * Provide training and support to end users on dashboard functionality
  * Assist team members with dashboard creation and search building
  * Extract complex fields from different types of log files using regular expressions
* Data Ingestion and Management
  * Onboard and integrate new data sources into the Splunk environment
  * Set up Splunk Technical Add-ons (TAs) for ingestion
  * Configure and implement HTTP Event Collector (HEC) tokens
  * Set up proper parsing and field extractions for custom log types
  * Validate and refine Splunk license usage based on incoming logs
  * Work with development teams to implement logging standards for custom applications
  * Support cloud-based ingestion from AWS, Google Cloud, and SaaS platforms
* Troubleshooting and Support
  * Troubleshoot Splunk-related issues and performance problems
  * Assist Security and Operations teams with incident investigations using Splunk
  * Provide on-call support during security incidents and investigations
  * Assist with Universal Forwarder troubleshooting
  * Perform analysis on log data and troubleshoot missing log errors from sources
* Collaboration and Requirements
  * Participate in on-call rotation to support security investigations and assist with incidents as needed
  * Stay current with Splunk updates, security threats, and industry best practices
  * Other duties as assigned
**What you'll bring to Zotec:**
* 3 years of experience administering and supporting Splunk environments
* Experience with Splunk Enterprise Security (ES) and/or IT Service Intelligence (ITSI)
* Strong understanding of search processing language (SPL) and dashboard creation
* Knowledge of log sources, parsing, and normalization techniques
* Detailed technical knowledge of database and operating system security
* Experience with Linux/Unix, Windows, and macOS operating systems
* Understanding of network security concepts and security monitoring
* Strong analytical and problem-solving abilities
* Excellent communication and documentation skills
* Ability to work under pressure and adapt to changing priorities
* Detail-oriented with strong organizational skills
* Team-oriented and skilled in working within a collaborative environment
* Ability to prioritize tasks and manage time effectively
* Professionally exercises discretion and independent judgment in day-to-day work
**Preferred:**
* Splunk certifications (Splunk Certified Admin, Architect, or similar)
* Experience with cloud environments (AWS, Azure, GCP)
* Experience integrating custom application logs and working with development teams
* Knowledge of SIEM concepts and security frameworks (MITRE ATT&CK, NIST)
* Advanced dashboard development skills including JavaScript, CSS, and XML
* Scripting/programming experience (Python, PowerShell)
* Familiarity with web-related technologies and protocols
* Experience with Splunk Observability and SmartStore deployments
At Zotec, you will enjoy a network of highly experienced professionals in an environment where you can operate with autonomy yet have the resources and backing of other professionals in a similar role. Entrepreneurial and enterprising is the spirit of our team. If you are an original thinker and opportunity seeker, we'd like to talk to you!
Learn more about our organization by visiting us at www.zotecpartners.com
E-Verify and Equal Opportunity Employer