Splunk Architect

About the Role

Key Responsibilities

• Administer the Splunk based log management system and analyze the current logging capabilities.
• Ensure the Agency Information Security systems and Cisco Information Security systems are sending all required logs to the log management system.
• Maintain the Log Management and Security Information and Event Management (SIEM) system to collect and aggregate IDS/IPS data, raw data from collection agents, firewalls, proxy servers, DLP, antivirus/endpoint protection software, and vulnerability scanners.
• Tune the SIEM and IDS/IPS events to minimize false positives.
• Generate vulnerability tickets in Jira and ServiceNow for vulnerability remediation.
• Validate that Cisco-GTTS log retention requirements are configured properly within the log management system.
• Identify shortfalls in current log sending capabilities and systems not transmitting logs to the log management system.
• Work with GTTS-SOC to develop dashboards and Splunk Playbook.
• Provide technical guidance to administrators of other IT systems to ensure logs are sent correctly.
• Configure role-based access controls within Cisco-GTTS's log management system.
• Integrate Qmulos within Splunk and manage compliance.
• Configure Splunk User Behavior Analytics and develop SOAR strategies with the security team.

Requirements

• 7 years of experience with Splunk.
• Minimum 10 years of relevant experience.
• Must have Splunk Architect Certification.
• Experience in architecture, design, support, maintenance, and expansion of enterprise log management/SIEM infrastructure.
• Experience in monitoring enterprise log management/SIEM server and agent infrastructure for capacity planning and system optimization.
• Experience in deployment, configuration, and maintenance of log forwarder agents across UNIX and Windows platforms.
• USA Citizen.
• Experience in collaboration with IT stakeholders for log management/SIEM reports and dashboards.
• Experience in documentation related to log management/SIEM infrastructure.
• Advanced system administration skills with Linux operating systems.
• Knowledge of regular expressions, scripting, and application development languages (e.g., Python, Perl, JavaScript, Linux shell scripting).
• Understanding of security best practices.
• Experience with cloud platforms (AWS, Azure) and Splunk Cloud.
• Knowledge of cybersecurity principles and security operations.

Nice to Have

• Experience with security incident response and vulnerability management.
• Experience migrating from on-premises Splunk to Splunk Cloud.
• TS clearance (optional).

Qualifications

• Splunk Architect Certification

Benefits & Perks

• Comprehensive medical benefits
• Competitive pay
• 401(k) retirement plan
• …and much more!