Sr. Splunk Enterprise Security App Dev/Administrator (Remote) – (BHJOB22048_762)

Sr. Splunk Enterprise Security App Dev/Administrator (Remote) – ITmPowered

The Sr. Splunk Enterprise Security Developer Administrator will develop, create, integrate, and administer a highly advanced Splunk Security application (eSAR) developed internally to detect improper access to protected data by employees and malicious user activity. Develop Splunk Apps and add-ons in support of Security Access cyber threat monitoring, threat management, and data compliance across numerous business-critical enterprise applications. Work with Splunk Developers using Agile development and project management methodologies, and support Splunk development, data integrations, and application administration.

RESPONSIBILITIES:

• Administer Splunk and Splunk App for Enterprise Security (ES) log management, ingestion, normalization.
• Advanced Splunk analytics and the development and administration of custom Splunk applications.
• Splunk data integrations with business-critical enterprise applications and systems.
• Translating feedback from the business to Splunk technical requirements and solutions.
• Develop specialized Splunk Security and Compliance applications, add-ons, data models, dashboards, content using Python, Splunk SPL, Splunk SimpleXML (or JavaScript, CSS), Bash.
• Develop custom Splunk applications and Add-Ons for inclusion of access events per use case criteria.
• Leverage modular design to onboard access/security logging applications and include in incident scoring.
• Develop Splunk Risk scoring based on compliance conditions to determine suspicious access events.
• Develop custom risk scoring to weed out white noise and only show actionable incidents to SOC Analysts.
• Develop Dashboards for Security Analysts with detailed drill-down capability for incident response.
• Develop triage workflows for analysts to assign and track ongoing investigations.
• Develop summary indexing enrichment of access events with IAM data, Application data, Break-the-Glass logs.
• Aggregate access event data for specific criteria.
• Enable fast searching across fully enriched access events over long periods of time.
• Develop Break-the-Glass correlations in Splunk for contextual user access/app data mapping & monitoring.

Skills and experience:

• Active Splunk Enterprise Certified Architect or Splunk Certified Developer – Required at a minimum.
• Splunk Core Certified Consultant – Strongly preferred.

Required Experience: In addition to active Splunk certification(s), must also have experience with the following:

• Python development – Proficiency in Python programming language.
• Splunk SimpleXML or web development (JavaScript, CSS).
• Splunk app & add-on development.
• Splunk data modeling.
• Strong experience in Splunk development, building dashboards, reports, and lookup tables.
• Working knowledge of Splunk including SPL, indexers, forwarders, search heads.
• Experience in OOAD, agile processes, design patterns.
• Expertise in large scale cyber security data analytics, identifying data-driven threat collection opportunities.
• Prior Information security analysis experience in a Cyber Security Operations Center (CSOC).

Soft skills:

• Ability to collaborate with others, leveraging many project approaches (Agile/Scrum, Waterfall, Gantt Charts).
• Comfortable working remotely with team members around the country. Self-starter with intellectual curiosity.

LOGISTICS:

• Work remotely anywhere in Domestic US. Preferred locations Colorado or Georgia.
• Contract role through end of the year with potential for extension and/or conversion to perm.
• COVID-19 Vaccine and Booster Required – OR must provide valid medical exemption from doctor in advance.
• Must be able to successfully pass a 12-panel drug screen, 10-year background check, employment verification.
• You will need to be a current US Citizen or valid Green Card holder. No need for visa now or in future. This role is not able to offer visa transfer or sponsorship now or in the future.
• W2 only – No sub vendors. Sponsorship NOT available.
• Must have direct contact information on resume (phone/email) to be considered.