Senior Splunk Engineer (Backend Experience Required)

About Zen: 

Own your opportunity to work with a client-focused agile small business. Make an impact by advancing our government organizations charged with keeping our country safe, prosperous, and secure. Zen Strategics, LLC is a cleared, minority-owned SBA 8(a) specialized consulting firm, offering innovative Cybersecurity, Cloud Migration, and Information Technology Modernization. We are a leading organization committed to delivering innovative solutions and ensuring the highest standards of security for our customers' digital assets. We are dedicated to staying ahead of evolving cyber threats and protecting our clients' data with cutting-edge technologies and proactive security measures.   

Position Description:

Seize your opportunity to make a personal impact as a Senior Splunk Engineer. Zen is your place to make meaningful contributions to challenging projects and grow a rewarding career. As a Senior SIEM Engineer you will be responsible for providing DevSecOps support for a multi-data center, multi-cloud, multi-region log ingestion (Cribl) and management (SumoLogic) system. This support includes, but is not limited to, user account and access management, server management, monitoring, and patching, data management, tools version upgrades, installation and maintenance of applications and add-ons. In addition, you’ll play an integral role in the testing, evaluation, and implementation of new SIEM products.  

Responsibilities:

As a Senior Splunk Engineer, you’ll be Zen’s representative, communicating effectively with government personnel and other contractors. maintaining appropriate contractor management interface with the Federal Team Lead and leadership. Additional responsibilities include improving log coverage and quality by reconciling records of log sources in SIEM tools with other asset management data to identify assets, establishing specific logging standards for commonly used software applications and monitoring compliance with the standards, auditing log content and quality for custom developed applications, and automating the production of documentation of the log sources in each index. You’ll also provide DevSecOps support to evaluate, deploy, and operate visualization, security analysis, and anomaly detection capabilities, operate, maintain and improve user behavioral analytics solution, implement machine learning to improve existing anomaly detection and analysis capabilities, and develop and deploy custom dashboards and visualizations or modify existing ones.

Required Education/Experience/Qualifications:

• Eight years of experience in IT security, administration and/or operations, and four years of specialized experience deploying and operating large, enterprise-wide Splunk clusters
• At least three years’ experience leading the deployment and operations of a large, complex, multi-datacenter Splunk cluster consisting of index clusters at multiple data centers and multiple search head clusters
• Atleast 2 years of hands on experience with Cribl Log ingestion tool.
• Working knowledge of SumoLogic SIEM Tool
• At least three years’ experience creating complex security and operations dashboards and alerts for use by multiple stakeholders within the organization or other comparable certifications or experience
• US Citizenship Required

Preferred Education/Experience/Qualifications:

• Bachelor of Science in an Information Technology or Cybersecurity field 
• Experience with Sumo Logic, Cribl Stream, and other SIEM tools
• Significant Linux experience
• Knowledge and experience with AWS, CloudFormation, and Ansible automation
• Strong ability to follow policy and procedures
• Analytical and problem-solving skills
• Excellent communication skills and attention to detail