Sr. Splunk Enterprise Security App Developer (Remote) (BHJOB22048_761)

ITmPowered

Denver (CO)

Remote

USD 90,000 - 150,000

Full time

30+ days ago

Job summary

An established industry player is seeking a Sr. Splunk Enterprise Security App Developer to join their remote team. This role involves creating and integrating advanced Splunk applications to enhance security monitoring and compliance across critical enterprise systems. You will leverage your expertise in Splunk development, Python programming, and data modeling to deliver impactful solutions. Collaborating with a talented team using Agile methodologies, you will play a key role in identifying and mitigating cyber threats while ensuring data integrity. If you are passionate about cybersecurity and want to make a difference, this opportunity is perfect for you.

Qualifications

  • Active Splunk certification required with proficiency in Python.
  • Experience in developing Splunk applications and dashboards.

Responsibilities

  • Develop and support advanced Splunk Security applications.
  • Create custom Splunk apps for monitoring and compliance.

Skills

Splunk Enterprise Certified Architect
Python programming
Splunk development
Agile methodologies
JavaScript
CSS
Data modeling
Cyber security data analytics

Tools

Splunk SPL
Splunk SimpleXML

Job description

Sr. Splunk Enterprise Security App Developer (Remote) – ITmPowered

The Sr. Splunk Enterprise Security App Developer will develop, create, integrate, and support a highly advanced Splunk Security application (eSAR) developed internally to detect improper access to protected data by employees and malicious user activity. Develop Splunk Apps and add-ons in support of Security Access cyber threat monitoring, threat management, and data compliance across numerous business-critical enterprise applications. Work with Splunk Developers using Agile development methodologies.

RESPONSIBILITIES:

  • Advanced Splunk analytics and the development of custom Splunk applications.
  • Splunk data integrations with business-critical enterprise applications and systems.
  • Translating feedback from the business to Splunk technical requirements and solutions.
  • Develop specialized Splunk Security and Compliance applications, add-ons, data models, dashboards, and content using Python, Splunk SPL, Splunk SimpleXML (or JavaScript, CSS), and Bash.
  • Develop custom Splunk applications and Add-Ons for inclusion of access events per use case criteria.
  • Leverage modular design to onboard access/security logging applications and include in incident scoring.
  • Onboard access logging applications via modular design.
  • Develop Splunk risk scoring based on compliance conditions to determine suspicious access events.
  • Develop custom risk scoring to filter out white noise and show actionable incidents to SOC Analysts.
  • Develop dashboards for Security Analysts with detailed drill-down capability for incident response.
  • Develop triage workflows for analysts to assign and track ongoing investigations.
  • Develop summary indexing enrichment of access events with IAM data, application data, and Break-the-Glass logs.
  • Aggregate access event data for specific criteria.
  • Enable fast searching across fully enriched access events over long periods of time.
  • Develop Break-the-Glass correlations in Splunk for contextual user access/app data mapping and monitoring.

Skills and Experience:

  • Active Splunk Enterprise Certified Architect or Splunk Certified Developer – Required.
  • Splunk Core Certified Consultant – strongly preferred.

Required Experience: In addition to active Splunk certification(s), must also have practical experience with the following:

  • Proficiency in Python programming language.
  • Splunk SimpleXML or web development (JavaScript, CSS).
  • Splunk app & add-on development.
  • Splunk data modeling.
  • Strong experience in Splunk development, building dashboards, reports, and lookup tables.
  • Working knowledge of Splunk including SPL, indexers, forwarders, search heads.
  • Experience in OOAD, agile processes, and design patterns.
  • Expertise in large-scale cyber security data analytics, identifying data-driven threat collection opportunities.
  • Prior information security analysis experience in a Cyber Security Operations Center (CSOC).

Soft Skills:

  • Ability to collaborate with others, leveraging various project approaches (Agile/Scrum, Waterfall, Gantt Charts).
  • Comfortable working remotely with team members around the country. Self-starter with intellectual curiosity.
  • Development of technical documents or presentations – IR/SOC threat runbooks.

LOGISTICS:

  • Work remotely anywhere in the Domestic US. Preferred locations: Colorado or Georgia.
  • Contract role through the end of the year with potential for extension and/or conversion to permanent.
  • COVID-19 Vaccine and Booster Required – OR must provide valid medical exemption from a doctor in advance.
  • Must be able to successfully pass a 12-panel drug screen, 10-year background check, and employment verification.
  • You must be a current US Citizen or valid Green Card holder. No need for visa now or in the future. This role is not able to offer visa transfer or sponsorship now or in the future.
  • W2 only – No sub vendors. Sponsorship NOT available.
  • Must have direct contact information on resume (phone/email) to be considered.