Sr. Splunk Enterprise Security App Dev/Administrator (Remote) – (BHJOB22048_762)

Join to apply for the Sr. Splunk Enterprise Security App Dev/Administrator (Remote) – (BHJOB22048_762) role at ITmPowered Consulting.

The Sr. Splunk Enterprise Security Developer/Administrator will develop, create, integrate, and administer a highly advanced Splunk Security application (eSAR) developed internally to detect improper access to protected data by employees and malicious user activity. Responsibilities include developing Splunk Apps and add-ons supporting cyber threat monitoring, threat management, and data compliance across enterprise applications. The role involves developing advanced Splunk ES application functionality, collaborating with Splunk developers using Agile methodologies, and supporting Splunk development, data integrations, and application administration.

• Splunk Enterprise Certified Architect OR Splunk Certified Developer (required)
• Splunk Core Certified Consultant (preferred)
• Proficiency in Python programming
• Experience with Splunk SimpleXML, JavaScript, CSS
• Experience in Splunk app & add-on development, data modeling, dashboard creation
• Knowledge of SPL, indexers, forwarders, search heads
• Experience in cybersecurity data analytics and CSOC operations
• Ability to work remotely with a team, self-starter attitude

1. Administer Splunk and Splunk ES log management, ingestion, normalization
2. Develop custom Splunk applications, dashboards, reports, and lookup tables
3. Integrate Splunk with enterprise applications and systems
4. Translate business feedback into technical requirements
5. Develop security and compliance applications, add-ons, data models, content using Python, SPL, XML, JavaScript, CSS, Bash
6. Create risk scoring models and dashboards for security analysts
7. Develop triage workflows and incident response tools
8. Enrich access events with IAM and application data
9. Enable fast searching and long-term data analysis
10. Develop Break-the-Glass monitoring and correlation in Splunk

• Active Splunk certifications (Architect or Developer required)
• Experience with Python, JavaScript, CSS, and Splunk development
• Knowledge of cybersecurity threat detection and SOC operations
• Remote work capability within the US, preferably Colorado or Georgia
• Contract role through year's end, with potential extension or permanent placement
• Vaccine and booster required or valid medical exemption
• Background check and employment verification required
• US Citizen or Green Card holder only; no visa sponsorship
• W2 employment only; no sub-vendors
• Contact information must be included on resume

To apply, email your details to careers@itmpowered.com.