Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Managed Security Services including identifying unauthorized activities and intrusions in their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results?
If yes, then Deloitte's Foundry Managed Security Services team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte's Foundry MSS business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization in order to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace.
Our team is client focused and mission driven. As a Splunk Engineer in Deloitte's Foundry Managed Security Services, you'll work with our diverse teams of passionate professionals to help solve for some of today's toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk.Work you'll do
As a Splunk Engineer you will be managing and providing Splunk health and operational support, including supporting to architecture changes, app development & deployments and advanced content development.
You will be closely working with Security Operations Center (SOC), Content, TIA and ThreatConnect teams as an advanced escalation point in identifying and addressing potential information security incidents leveraging Splunk Processing Language (SPL).
- Perform Splunk configuration management, and troubleshooting, addressing complex issues and day to day operations management
- Onboard security relevant data sources and develop new and custom parsers wherever a supported TA is not present
- Perform Splunk architecture assessments and design reviews
- Deploy and configure large scale Splunk infrastructure
- Build custom Splunk app/TA based on customer requirements
- Deliver Splunk advisory support and education to other SOC and technology management personnel
- Assist in Security incident detection Use Case Roadmap development and update Use Cases in Use Case Repository
- Build advanced Security Incident detection Use Cases, with or without Splunk ES
- Create high quality and intuitive custom reports, dashboards using Splunk Processing Language (SPL)
- Develop scripts, as needed, to simplify data collection and automate data onboarding tasks
- Work on Splunk data models and make all ingested data CIM compliant
- Create and/or perform quality review of HLUC, TUC, Use Case Testing, Parser, Runbooks, and other Technical documents
- Create runbooks for analyst, guiding them to investigate notables/alerts
- Provide 24/7 on-call support for Splunk infrastructure or performance related issues (as needed)
- Mentor and train Junior Splunk Engineers
- Coordinate with various technical groups and attend client meetings
- Build relationships with client counterpart (i.e. Client Lead Security Engineer)
- Adhere to internal operational security and other Deloitte policies
- Participate in other short-term project work as assigned
- Bachelor of engineering or Science in computers, information systems, information security, Math, decision sciences, risk management, or other business/technology disciplines or equivalent work experience
- 8+ years' experience working as Splunk SME/engineer/developer.
- Extensive experience in Splunk deployment, configuration, data ingestion, correlation alert creation, report and dashboard building on Splunk.
- Knowledge of Splunk app development/config file customization
- In-depth understanding on various Splunk components/configuration files
- Strong analytical and problem-solving skills
- Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc.
- Understanding of common network infrastructure devices such as routers and switches Excellent interpersonal and organizational skills
- Excellent oral and written communication skills
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
- Limited immigration sponsorship may be available
- Ability to travel 10%, on average, based on the work you do and the clients and industries/sectors you serve
- Splunk certified Admin or Architect
- Cyber Security Certifications from EC-Council, COMPTIA, SANS, (ISC)2 etc.
- Exposure to Splunk Enterprise Security/Splunk UEBA/Splunk MLTK
- Knowledge and familiarity with leading Public Cloud platforms such as Azure, AWS, Google Cloud Platform