Offer summary

Qualifications:

2+ years of experience in Security Operations or related field., 3+ years of Splunk Admin experience or certification., Knowledge of Linux distributions and networking concepts., Strong troubleshooting and problem-solving skills..

Key responsibilities:

Perform deployment and system health checks for Splunk environments.

Configure and upgrade Splunk applications and manage data sources.

Develop detection capabilities and security roadmaps for clients.

Collaborate with customers and internal teams to improve system security and performance.

Job description

Own The Role:

Join North America’s top Splunk Services Partner! SP6 is seeking a highly motivated individual to join our growing Co-Managed Services team. Managed Services (MS) Splunk Engineers serve as the subject matter experts in advancing Splunk.

You will work and gain exposure in large multifaceted and intricate customer environments that have a multitude of different technologies. Additionally, you will work in collaboration with the engineers and analysts from SP6 customers to perform a wide array of tasks to ensure systems are secure, compliant, and performant.

How You’ll Drive Success:

Deployment Maturity

Creating quarterly customer maturity roadmaps
Splunk Enterprise and app upgrades (to approved versions)
Installation and configuration of Splunk-certified applications and add-ons
Creating and modifying roles and user group associations
Modifying indexes and data retention policies
On-boarding new data sources
Re-architecture of syslog aggregation for Splunk or extensive modification to syslog configuration
Re-architecture of authentication into Splunk
Expanding log source collection of an existing source type
Participating in Executive Business Reviews (EBRs)

Health & Performance

Deployment health checks & architecture reviews
System performance tuning
Troubleshooting issues within the Splunk environment, including silent log source monitoring
Reducing license usage on data sources
Periodic review of errors/warnings reported by internal Splunk logs
Log normalization (CIM)
Custom script development

Security Expertise

Creating quarterly customer security roadmaps
Implement and maintain detection capabilities across Splunk deployments
Assist customers in developing a comprehensive strategy for effective detection of malicious activity
Coordinate with internal and external teams to improve the accuracy of detection capabilities and implement best practice mitigations and automated response capabilities
Conduct detection gap analyses & customer security workshop calls
Document and communicate detection capabilities and gaps clearly and effectively leveraging multiple industry frameworks including MITRE ATT&CK, the Cyber Kill Chain, and NIST
Advise on data source prioritization
Research and innovate net new mitigation, detection, and response capabilities given input from industry trends, customer feedback, and research

To Be Successful:

2+ years of experience in Security Operations or a related field (MSSP/MDR)
3+ years of Splunk Admin experience or Splunk Admin certification
- 1+ years of Enterprise Security experience desired
Working knowledge in various distributions of Linux
1+ years of systems administrator, IT operations, or related experience
Good understanding of Networking concepts (OSI layers, network security concepts)
Strong troubleshooting, problem solving, and abstract reasoning abilities
Hands-on troubleshooting/technical support/helpdesk experience
Self-motivated with strong presentation and verbal communication skills
Must be able to take extreme ownership (accountability) and seek constant improvement (what could we have done better?)
Must be customer-focused, team-oriented, communicate and operate with integrity, without compromise