Splunk Engineer – Core Certified Consultant, ES Accreditation Required

🕒 il y a 2 mois

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

True Zero Technologies, LLC

Site WebLinkedInTous les Emplois

11 - 50 employés

🔒 Cybersecurity

🏢 Entreprise

☁️ SaaS

Cybersecurity • Enterprise • SaaS

True Zero Technologies, LLC est une entreprise détenue par des vétérans spécialisée dans les solutions de cybersécurité. La société propose un éventail de services incluant l'ingénierie et l'architecture de sécurité, l'adoption de technologies émergentes, les opérations cybernétiques, le renseignement sur les menaces cyber, les tests de pénétration et l'assurance de l'information. True Zero est également reconnue pour ses services gérés et ses capacités en sécurité cloud. L'entreprise collabore avec des leaders technologiques tels que Tanium, Splunk, Cribl et Zscaler pour offrir des solutions à fort impact et haute valeur ajoutée qui aident les organisations à innover tout en renforçant leurs programmes de sécurité et opérationnels. True Zero s'engage à fournir aux organisations des informations concrètes pour sécuriser efficacement leurs environnements IT.

Description

• Implement RBA:** Develop and implement RBA strategies within Splunk ES to reduce alert noise and focus on high-fidelity alerts. • Develop RBA components:** Build and implement actionable alerts, workflow actions, risk incident rules, and risk scores. • Create dashboards and reports: Design custom dashboards to visualize risk scores and provide context for analysts. • Correlate data: Use Splunk's capabilities to correlate disparate events to identify patterns of risky behavior. • Build custom solutions:** Develop custom machine learning (ML) models to augment alerting and create automated workflows to improve efficiency. • Content Development: Develop advanced security content, including dashboards, reports, and alerts, to highlight risk details, health analysis, and risk suppression specific to RBA environments. • Data: Collaborate with application and system owners to onboard new data sources (e.g., from Windows, Linux, cloud services like AWS/Azure) and ensure proper parsing and enrichment for effective analysis within RBA. • Correlate various data sources, such as logs from operating systems, applications, and cloud providers, into Splunk to feed RBA models.

🎯 Exigences

• Core Certified Consultant is a requirement • Deep technical expertise in Splunk administration, architecture, and Search Processing Language (SPL). • Strong understanding of security operations, threat detection, incident response, and security frameworks (e.g., NIST RMF). • Preferred relevant Splunk certifications are a plus such as: • Splunk Core Certified Power User • Splunk Enterprise Certified Admin • Splunk Enterprise Certified Architect • Splunk ES • Proficiency in scripting languages like Python, PowerShell, or Bash for automation and data analysis. • Willingness to collaborate within an agile environment

🏖️ Avantages

• Competitive salary, paid twice per month • Best in class medical coverage • 100% of medical premiums covered by True Zero • Company wide new business incentive programs • Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.) • 3 weeks of PTO starting + 11 Paid Holidays Annually • 401k Program with 100% company match on the first 4% • Monthly reimbursement of Cell Phone and Home Internet costs • Paternity/Maternity Leave • Investment in training and certifications to broaden and deepen your technical skills