Remote Sr. Splunk Engineer (No H1B, OPT) at Remote, USA
Email: [email protected]
Job Title: Sr. Splunk Engineer
Location: Remote
Visa: No H1B, OPT
MOI: Skype
Client: BCBS

Job details:
The Senior Splunk Engineer will be a member of the BCBSA CyberDefense team and will be required to interact with end users to gather requirements, perform troubleshooting, and assist with the creation of Splunk search queries and dashboards. Splunk is our core technology providing visibility for the Detection and Response team. The Senior Splunk Engineer plays a critical part in the success of the team, ensuring proper operation and functionality of the platform. The Senior Splunk Engineer will support a large, distributed, clustered Splunk environment consisting of search heads, indexers, deployers, deployment servers, heavy/universal forwarders and the Splunk Enterprise Security premium app, spanning security, performance, and operational roles. The Senior Splunk Engineer should be proficient at recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards, searches, reports, etc. that highlight the key trends in the data. The Senior Splunk Engineer should be proficient in a Linux environment, editing and maintaining Splunk configuration files and apps. The ideal candidate will have a strong background in Splunk development as well as Information Security.

Responsibilities:
- Act as a Splunk Enterprise Subject Matter Expert
- Architect and deploy the Splunk environment in AWS Cloud
- Provide operations and maintenance, including production and infrastructure support, root cause analysis, break/fix, troubleshooting, and health monitoring
- Manage indexes, indexers and clusters of indexers, as well as search head clusters
- Develop detection and alerting to enable proactive issue identification
- Support Splunk on Linux- and Windows-based platforms
- Onboard new data sources as required
- Develop and enhance dashboards and reports
- Proactively upgrade and patch the environment
- Write technical documentation and operational procedures

Requirements:
- 5-10 years of Splunk engineering experience
- Knowledge of Splunk clustering
- Knowledge of Splunk Enterprise Security
- Experience onboarding data sources from various IT infrastructure components such as servers, firewall and proxy server logs, and applications on-prem and in the AWS cloud environment
- Experience developing security-focused content for Splunk, including creation of complex threat detection logic and operational dashboards
- Understanding and usage of regex
- Strong problem-solving abilities with an analytic and qualitative eye for reasoning
- Self-starter with the ability to independently prioritize and complete multiple tasks with little to no supervision

Deliverables:
- Onboard additional AWS data
- Splunk license analysis and data reduction
- Domain Analysis: troubleshoot the process that is ingesting the whois data, or disable Domain Analysis data model acceleration
- See if it is possible to update apps/dashboards for jQuery compliance: duo_splunkapp, ms_windows_ad_objects
- Upgrade all universal forwarders
- Upgrade Splunk hosts that reside in AWS and on-prem (roughly 10)
- Upgrade UF TAs
- Upgrade all apps and add-ons across the infrastructure
- Work with Splunk PS to transition to cloud
- Properly configure Splunk Enterprise Security
- Move two Splunk servers to a new datacenter
- Create new user accounts
- Ensure all logs are flowing and troubleshoot those that stop
- Onboard new data sources

Keywords: information technology
Fri Sep 15 22:33:00 UTC 2023