Job Description

TCI has an immediate need for a Splunk Service Engineer in Morrisville, NC or Eagan, MN (Hybrid). This is not a Corp2Corp opportunity. This is a long-term contract opportunity with the possibility of hire. In addition to competitive, market-rate based pay, TCI provides all our Consultants with Comprehensive Medical/Dental Insurance, 401k, Life Insurance and Long-Term Disability benefits.

NOTE: This position requires US Citizenship and a Public Trust Security Clearance prior to start.

HYBRID REMOTE WORK IS AVAILABLE FOR LOCAL CANDIDATES ONLY

SUMMARY

The Splunk Service Engineer is responsible for tuning and configuration of Splunk Core and Splunk Enterprise Security (ES) services, develop use cases with end users to build content and assist in developing advanced security use cases. Participate in requirements gathering, solutions architecting, design and build of technology solutions to support Continuous Monitoring Program. Assist, train, and host workshops for teams. Support off-hours and weekend efforts for incident investigations and systems maintenance.

RESPONSIBILITIES
  • Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool.
  • Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models.
  • Work with the Splunk Architect/Admin to promote private KO to Global KO.
  • Assist, and/or train Splunk Engineering team on Data Lifecycle Support.
  • Assist, train, and/or host workshops teams and analysts on Searching and Content Development.
  • Develop and implement automation to improve efficiency of workflows using Splunk.
  • Assist in development of advanced security use cases in Splunk.
  • Develop risk rules and risk incident rules to correlate and alert to significant cyber events.
  • Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression.
  • Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted).
  • Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting.
  • Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.
  • Understanding of network protocols, operating systems, applications, and device event telemetry.
  • Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills.
  • Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc.), endpoint defense tools (EDR, anti-malware) a plus.
REQUIREMENTS
  • 7+ years in information security operations and/or related IT operational functions using Splunk.
  • Must possess a minimum of a Bachelors Degree in Computer Science, Information Technology or Information Security (Masters Degree preferred).
  • CERTIFICATIONS: (One or more required) CompTIA Security +, CPTE - Certified Penetration Testing Engineer or CEH Certified Ethical Hacker, or Certified Information System Security Professional (CISSP).
  • Must possess a valid Public Trust Security Clearance or have the ability to obtain one prior to start.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online