Splunk Engineer

Tysons Corner, VA
Nov 29, 2021
Dec 01, 2021
Engineer, IT, QA Engineer
Full Time
Description:
RavenTek is seeking a Splunk Engineer to support a great customer with the following responsibilities:
- Be responsible for advanced security event detection and threat analysis for complex and/or escalated security events.
- Provide log/network/malware/device analysis and make recommendations for remediation of security vulnerability conditions.
- Validate log sources and indexed data; search through indexed data to optimize search criteria.
- Add Customer Context, eliminate noise and false positives, and develop trends and data models.
- Distill Customer intelligence feeds; use cases, trends, and data models.
- Create custom alert schema, reports, and custom dashboards.

Requirements:
Required Security Clearance: TS/SCI with FSP

Qualification Requirements:
- Familiarity with server-side scripting.
- Drive complex deployments of Splunk dashboards and reports while working side by side with the customers to solve their unique problems across a variety of use cases.
- Assist internal users of Splunk in designing and maintaining production-quality dashboards.
- Experience in design, implementation, and support of Splunk (Indexers, Forwarders, Search-Heads Setup, etc.).
- Experience with implementing and administering Splunk.
- Good understanding of virtualization technologies (Hypervisor, VMware, etc.).
- Apps/Dashboards for license usage and application errors.
- Experience with Linux and Windows agents for Splunk administration with a solid understanding of the Splunk system.
- Ability to create operations documentation for maintaining the Splunk infrastructure.
- Setting up Splunk Forwarding for new application tiers introduced into the environment.
- Identifying bad searches/dashboards and partnering with the creators to improve performance.
- Troubleshooting Splunk performance issues / opening support cases with Splunk.
- Monitor the Splunk infrastructure for capacity planning and optimization.
- Troubleshoot log feeds, field extractions, search time, etc.
- Provide granular, role-based security. Restrict access to sensitive logs/data.
- Experience in onboarding new data, inputting new information, creating new dashboards, and extracting info through Splunk; report generation and customization.

Required Education and Experience:
- Bachelor's Degree in Computer Science or Engineering or equivalent experience.
- Five to seven years of relevant experience.

Preferred Qualifications:
- Splunk Admin Certification.
- Experience with databases.

Other Requirements: This position may require that you be vaccinated against Covid-19 unless you need a reasonable accommodation for religion or a health-related need.

Employment Type: Full Time / Permanent

Working Conditions: Business work hours are on site and set from Monday through Friday, 40 hours a week.

Physical Requirements: Employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear. Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.

Background Screening/Check/Investigation: Successful Completion of a Background Screening/Check/Investigation will/may be required as a condition of hire.

ADA: RavenTek will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.

EEO/AA: RavenTek does not discriminate on the basis of race, color, national origin, sex, religion, age, disability, sexual orientation, gender identity, veteran status, height, weight, or marital status in employment or the provision of services and is an equal access/equal opportunity/affirmative action employer.