Splunk Analyst

Overview

Remote
Hybrid
Compensation: depends on experience
Full Time
Part Time
Accepts corp to corp applications
Contract - Independent
Contract - W2
Contract - 6 month(s)

Skills

Scripting
JavaScript
Python
Optimization
Cloud Computing
Amazon Web Services
Microsoft Azure
SPL
Splunk
Auditing
Regulatory Compliance
Data Structure
JSON
XML
Oracle Linux
Educate
Collaboration
Partnership
EMC RSA Archer
Usability
Accessibility
Data Lake
Meta-data Management

Job Details

Job Title: Splunk Analyst

Project Location: 100% remote

Duration: 6 months (possible extension)

Contract / CTH / Full Time: Contract

Remote, Hybrid or Onsite: Remote

Scripting skills in JavaScript and Python are required. We are looking for someone who has developed pipelines using multiple optimization tools (Splunk Edge, Cribl, OTEL) and has exposure to cloud log sources in AWS and Azure (CloudTrail, Event Hub).

Required Skills:

  1. Splunk SPL experience and familiarity with Splunk
  2. Knowledge of security events and concepts
  3. 2-3 years of security audit/compliance experience is a plus
  4. Ability to work independently and engage the appropriate resources
  5. Familiarity with various data structures and formats, e.g., JSON, XML, KVP (key-value pairs)

Discovery + Analysis:

  • Security log source discovery
  • Partner with and educate AppDev teams to identify which types of events are security events and how to handle and document them prior to ingestion
  • Review the current technologies and the event types they create, focusing specifically on previously undocumented or unknown security event sources
  • Create and update a registry of the various types of security events in partnership with the security team
  • Establish a process for internal teams to identify security events and sync with the observability team on classifying them
  • Evaluate all log sources and ensure that security data is appropriately routed and that its schema is recorded
  • Investigate and review security data for events that do not meet the policy definition of a security event as defined in Archer

Development + Implementation:

  • Enhance data usability and quality, using pipelines to reduce search and investigation overhead
  • Develop integrations that improve data accessibility from the Security Data Lake project
  • Establish pipelines to route newly discovered security logs to the proper index and location
  • Develop security source reliability and monitoring functionality across observability systems
  • Develop metadata telemetry sources to be continually monitored for the following:
      • Significant changes in volume
      • Instability of data transmission
      • Data source going offline

Employers have access to artificial intelligence language tools ("AI") that help generate and enhance job descriptions, and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.