Vacancy expired!
- Analyze and support senior engineers in management and deployment with large scale, distributed, and clustered Splunk environments
- Assist with log ingestion, aggregation, and retention strategies to meet policy and operational requirements
- Assist with onboarding new data sources into Splunk, analyze the data for anomalies and trends, and build dashboards highlighting the key trends of the data
- Assist with reporting around SIEM and detection activities/efforts
- Create operations documentation for maintaining the Splunk infrastructure
- Act as point of contact for Splunk end-users and application owners
- Troubleshoot Splunk performance issues / open support cases with Splunk
- An associate's or bachelor's degree in computer science, cybersecurity, or related fields
- Strong understanding of Windows and Linux administration utilizing Command Line Interface (CLI)
- Strong understanding of Splunk data onboarding, including Splunk App/TA configuration, CIM validation, data normalization, data modeling, and advanced search and reporting commands
- Strong understanding of the fundamentals of the Splunk infrastructure, its components, system log files, and other structured and unstructured data (lookups, modular inputs, standard inputs, relationships between the various configuration files, etc.)
- Experience deploying and managing Splunk indexer clusters, search head clusters, and forwarders
- Python experience is preferred
- Regular expression (regex) experience is preferred