Splunk Analyst

Deeper scripting skills in JavaScript and Python Looking for someone that has developed pipelines utilizing multiple optimization tools (Splunk Edge, Cribl, OTEL) and has exposure to cloud sources in AWS and Azure (Cloudtrail, Eventhub)

Discovery + Analysis:

• Security log source discovery
• Partner with and educate AppDev teams to identify which types of events are security events and how to handle/document them prior to ingestion
• Review the current technologies and the event-types they create, specifically focusing on previously undocumented/unknown security event sources,
• Create/update a registry of various types of security events in partnership with the security team
• Establish a process for the internal teams to identify and sync with the observability team for classifying inclusive security events
• Evaluate all log sources and ensure that only security data has been appropriately routed, and its schema is recorded)
• Investigate and review security data for events that do not meet the policy definition of a security event as defined in Archer.

Development + Implementation:

• Enhancing data usability and quality. Using pipelines to reduce search and investigating overhead.
• Develop integrations that enhance data accessibility from the Security Data Lake project.
• Establish pipelines to route newly discovered security logs to proper index/location.
• Develop security source reliability and monitoring functionality across observability systems
• Develop metadata telemetry sources to be continually monitored for the following:
• Significant changes in volume
• Instability of data transmission
• Data source goes offline

Engineer (3-5 years experience)

1. JavaScript or Python experience required

2. Cribl or Splunk experience required specifically data transformations

3. AWS Lambda experience will be nice to have

4. Familiar with various data structures and formats e.g., JSON, XML, KVP and the ability to transform them

5. General experience with Observability best practices