Job Description
Administer the Splunk based log management system and analyze the current logging capabilities
Ensure the Agency Information Security systems administered by the Team are sending all required logs to the log management system
Maintain the Log Management and Security Information and Event Management (SIEM) system to collect and aggregate IDS/IPS data from network sensors, raw data from collection agents, firewalls (including but not limited to Layer 7 application firewalls), proxy servers, DLP, antivirus/endpoint protection software, vulnerability scanners, and other important systems
Tune the SIEM and IDS/Intrusion Prevention System (IPS) events to minimize false positives
Generate vulnerability tickets in Jira and ServiceNow for vulnerability remediation
Tune the capabilities as practicable to improve efficiency and ensure that reporting capabilities of the log management system are working properly
Validate that log retention requirements are configured properly within the log management system
Identify shortfalls in the current capability and identify systems that are not sending logs to the client log management system
Work in conjunction with client to develop required dashboards and Splunk Playbook
Recommend improvements to current processes
Provide technical guidance to administrators of other IT systems to ensure their logs are sent to the client log management system
Configure client log management system role-based access controls so that logs for specific systems can only be accessed by designated administrators
Integrate Qmulos with Splunk logs and manage compliance within Qmulos
Configure Splunk User Behavior Analytics in cooperation with the Security team
Working with the Security team, develop Security Orchestration, Automation and Response (SOAR) strategies
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to .
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: .
Skills and Requirements
7 years of experience with Splunk
Must have Splunk Architect Certification
Experience in architecture, design, support, maintenance, and expansion of an enterprise log management/SIEM infrastructure in a highly resilient configuration
Experience in monitoring an enterprise log management/SIEM server and agent infrastructure for capacity planning and system optimization
Experience in deployment, configuration, and maintenance of log forwarder agents across a variety of UNIX and Windows platforms
Experience in collaboration with a variety of IT stakeholders in design and maintenance of production-quality log management/SIEM reports and dashboards to support data analysis and visualization
Experience in creation and maintenance of documentation related to log management/SIEM infrastructure configuration and operational processes
Advanced system administration skills with Linux operating systems
Knowledge of regular expressions, scripting, and application development languages (e.g., Python, Perl, JavaScript, Linux shell scripting)
Understanding of security best practices
Experience with cloud platforms (e.g., AWS, Azure) and Splunk Cloud
Knowledge of cybersecurity principles and experience in security operations
Experience with security incident response and vulnerability management
Experience migrating from on-premises Splunk to Splunk Cloud
Date Posted: 18 April 2025