Splunk Security Analytics Engineer


Premium Job From Experis IT

Recruiter: Experis IT

Listed on: 11th September 2017

Location: Glasgow

Salary/Rate: Negotiable

Salary Notes: Negotiable

Type: Contract

Start Date: ASAP


Splunk Security Analytics Engineer

Location: Glasgow

Start Date: ASAP

Duration: 12 Months

Role Description:

A Splunk Security Analytics Engineer is required to work in the Technology & Information Risk Cyber Security Analytics Engineering Team, providing the highest level of security consultancy and engineering support for Security Analytics platforms. The role is suited to an experienced Linux systems administrator or engineer with a proven understanding of enterprise Splunk security and analytics.

This role is primarily project based, with varied activities to architect, deploy, expand, integrate, manage and enhance the firm's security event monitoring capabilities. The role concentrates on engineering the Splunk platform for internal client groups, such as CERT, SOC and Threat Investigations teams, including data onboarding, data engineering, field extractions, data models, use case prototyping, dashboards, tuning, and configuration.

* Work with global colleagues to provide consistent processes and solutions

* Onboard and cleanse data sources using best practices for CIM-compliant field extraction and data model optimisation

* Complete environment tooling, staging, configuration, orchestration, production build and documentation tasks

* Provide production support and health monitoring, including troubleshooting root causes

* Build, install and manage development, QA and UAT environments and manage release cycles

* Develop tools to automate and improve processes and procedures, including configuration management and runtime tooling

* Customer-focused ES SIEM engineering

* SME knowledge of ES 4.7

* Escalate and liaise with internal/external groups when required

* Aid in architecture of security analytics infrastructure design, implementation, testing, performance analysis, optimization, operations, monitoring/metrics, problem resolution, upgrades, process management, capacity planning, reporting, tuning and documentation, using the firm's tools, policies, processes and procedures

* Participate in technology evaluations and suggest improvements based on technology trends, best practices or industry standards.

Skills required (essential):

* Direct experience as a Splunk Engineer or Architect

* Prior experience engineering and deploying analytics and SIEM SOC solutions in a large enterprise environment (?50 servers)

* Scripting and development skills (BASH, Perl, Python or Java) with strong knowledge of regular expressions

* Linux/Unix sysadmin experience

* Interpersonal skills: communicator, flexible, self-driven, team player

* Strong task management skills

* General networking and security knowledge (firewalls, routing, DNS, NAT, packet trace and analysis, etc.)

* Able to demonstrate a broad exposure to various technologies, preferably in a global environment, ideally within the finance industry

Skills highly desired:

* Experience with Splunk Enterprise Security (ES4) and Splunk ITSI

* Knowledge of statistical modeling for anomaly, ML and outlier detection

* Splunk enterprise architecture, integration and deployment experience

* Big data experience, including Kafka, KafkaConnect, NiFi, Storm, Grok, Parquet, Spark, HDFS.

* Knowledge of indicators of compromise (IOC) of systems and applications

* Familiarity with key security events on common platforms

* Industry certifications such as CISSP, SANS, CEH, etc.

* SDLC experience, using JIRA and Git

* Experience authoring security policy and security best practice documentation

* Experience onboarding

Please submit your CV in the first instance.
