
Splunk Engineer - Consultant Certified / ES Accreditation Required (R-00077)

True Zero Technologies

United States

Remote

USD 95,000 - 130,000

Full time

2 days ago

Job summary

True Zero Technologies is seeking a Splunk Engineer to join their team. Applicants should have relevant experience and certifications in Splunk. The role involves maintaining Splunk instances, developing alerts, and collaborating with teams to enhance operational efficiency. Employees enjoy competitive benefits including full medical coverage, PTO, and professional development opportunities.

Benefits

Competitive salary, paid twice monthly
100% premiums covered for medical coverage
Company-wide new business incentive programs
Contribution incentives (white papers, blogs, webinars)
3 weeks PTO plus 11 paid holidays annually
401k with 100% match on the first 4%
Monthly reimbursement for cell phone and internet
Paternity/maternity leave
Investment in training and certifications

Qualifications

  • 3-5 years professional experience preferred.
  • Extensive experience with Splunk ES in a professional setting.
  • Experience ingesting logs into Splunk via Cribl.

Responsibilities

  • Maintain various client Splunk instances, focusing on data onboarding and content development.
  • Develop actionable alerts and workflows for Splunk as a SIEM.
  • Create custom dashboards for Risk Based Alerting (RBA).

Skills

Risk-Based Alerting
Collaboration
Automation
Machine Learning

Education

Accredited Enterprise Security Administrator in Splunk
Splunk Core Certified Consultant

Tools

Splunk
Cribl

Job description

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that said outcomes begin and end with our people, and that is what we have built—a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top-tier services to our customers.

In 2023, True Zero was recognized as one of the "Best Places to Work" in two categories: "Prosperous and Thriving" ($5MM – $50MM in gross revenue) and "Mid-Atlantic Region" (DC, DE, MD, NC, VA, WV). In 2022, it was also recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies.

The candidate will be part of a team of Splunk Engineers maintaining various client Splunk instances, focusing on data onboarding, content development, reporting, and visualizations. All candidates must have prior Splunk engineering and administration experience, meet certification prerequisites, and work well in a team environment. Support experience with federal customers is a plus.

As a TZT consultant, the candidate will have access to the full knowledge base driven by the True Zero community and the technical support of the entire PS team. We encourage collaboration and growth through information sharing and workshops. Additionally, the candidate will have access to our internal Slack channel and tools for training, demos, testing, and professional development.

Qualifications
  • US Background Check Required
  • Experience with Risk-Based Alerting and leveraging resources for efficiency
  • Accredited Enterprise Security Administrator in Splunk
  • Splunk Core Certified Consultant
  • Extensive experience with Splunk ES in a professional setting
  • Experience ingesting logs into Splunk via Cribl
  • 3-5 years of professional experience preferred
  • Developing and implementing actionable alerts and workflows for Splunk as a SIEM
  • Developing and implementing Apps & Knowledge Objects like dashboards, reports, data models
  • Collaborating with the Splunk Architect/Admin to promote private KO to Global KO
  • Training CISO Splunk Engineering teams on Data Lifecycle
  • Supporting and training CISO teams and analysts on searching and content development
  • Automating workflows to improve efficiency using Splunk
  • Developing risk and incident rules for cyber event alerts
  • Creating custom dashboards for Risk Based Alerting (RBA)
  • Configuring incident response workflows for notable events
  • Developing machine learning models for anomaly detection
  • Implementing and maintaining event logging across various systems and cloud providers, understanding network protocols and telemetry

We’re actively seeking talented security and technology practitioners ready to experience the True Zero difference. As a team member, you’ll enjoy:

- Competitive salary, paid twice monthly

- Top-tier medical coverage with 100% premiums covered

- Company-wide new business incentive programs

- Contribution incentives (white papers, blogs, webinars)

- 3 weeks PTO plus 11 paid holidays annually

- 401k with 100% match on the first 4%

- Monthly reimbursement for cell phone and internet

- Paternity/maternity leave

- Investment in training and certifications to enhance your skills
