Splunk Engineer – Core Certified Consultant, ES Accreditation Required

🕒 April 1

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

True Zero Technologies, LLC

WebsiteLinkedInAll Job Openings

11 - 50 employees

🔒 Cybersecurity

🏢 Enterprise

☁️ SaaS

Cybersecurity • Enterprise • SaaS

True Zero Technologies, LLC is a veteran-owned company specializing in cybersecurity solutions. The company offers a range of services including security engineering and architecture, emerging technology adoption, cyber operations, cyber threat intelligence, penetration testing, and information assurance. True Zero is also recognized for its managed services and cloud security capabilities. The company partners with technology leaders such as Tanium, Splunk, Cribl, and Zscaler to deliver high-impact, high-value solutions that help organizations innovate while enhancing their security and operational programs. True Zero is committed to empowering organizations with actionable insights to secure their IT environments effectively.

📋 Description

• Implement RBA:** Develop and implement RBA strategies within Splunk ES to reduce alert noise and focus on high-fidelity alerts. • Develop RBA components:** Build and implement actionable alerts, workflow actions, risk incident rules, and risk scores. • Create dashboards and reports: Design custom dashboards to visualize risk scores and provide context for analysts. • Correlate data: Use Splunk's capabilities to correlate disparate events to identify patterns of risky behavior. • Build custom solutions:** Develop custom machine learning (ML) models to augment alerting and create automated workflows to improve efficiency. • Content Development: Develop advanced security content, including dashboards, reports, and alerts, to highlight risk details, health analysis, and risk suppression specific to RBA environments. • Data: Collaborate with application and system owners to onboard new data sources (e.g., from Windows, Linux, cloud services like AWS/Azure) and ensure proper parsing and enrichment for effective analysis within RBA. • Correlate various data sources, such as logs from operating systems, applications, and cloud providers, into Splunk to feed RBA models.

🎯 Requirements

• Core Certified Consultant is a requirement • Deep technical expertise in Splunk administration, architecture, and Search Processing Language (SPL). • Strong understanding of security operations, threat detection, incident response, and security frameworks (e.g., NIST RMF). • Preferred relevant Splunk certifications are a plus such as: • Splunk Core Certified Power User • Splunk Enterprise Certified Admin • Splunk Enterprise Certified Architect • Splunk ES • Proficiency in scripting languages like Python, PowerShell, or Bash for automation and data analysis. • Willingness to collaborate within an agile environment

🏖️ Benefits

• Competitive salary, paid twice per month • Best in class medical coverage • 100% of medical premiums covered by True Zero • Company wide new business incentive programs • Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.) • 3 weeks of PTO starting + 11 Paid Holidays Annually • 401k Program with 100% company match on the first 4% • Monthly reimbursement of Cell Phone and Home Internet costs • Paternity/Maternity Leave • Investment in training and certifications to broaden and deepen your technical skills