Must have: Data Onboarding experience, Linux/Unix, Shell Script/Bash, Splunk Implementation
The Data Security Engineer will assist with the design, implementation, security and ongoing support of Client’s cyber security tools and processes within Client’s Global Information Security Team.
This position will work directly with teams inside and outside of GIS as part of our overarching data security strategy for corporate and marketplaces Detection and Response initiatives.
The ideal candidate will have a passion for cybersecurity, system monitoring and analysis, and developing/automating creative solutions.
As a Data Security Engineer, you will be expected to be skilled at identifying security gaps in infrastructure and process, effectively executing projects/initiatives to address them, demonstrating excellent judgment, prioritization and communication of technical security risks, and acting as a security liaison supporting business units.
• Splunk Admin and forwarder management related tasks
• Beats administration and support
• Data onboarding across multiple data sources (Windows, Linux, API, database, etc.)
• Support multiple methods of data security log collection (syslog, Splunk forwarders, REST, database connect, HEC)
• Build data pipelines (Kafka, Flink), ETL, and management of high-volume data across distributed systems
• Ability to debug configuration issues
• Manually create regular expressions or GROK filters to properly extract interesting fields from a variety of log types and normalize fields to comply with a common information model/schema
• Creation of Dashboards, Visualizations, Statistical reports, scheduled searches and alerts
• BS or MS in computer science or related fields
• Experience building and supporting Splunk Common Information Model, RBAC and permissions
• Experience building and supporting Splunk Data Models
• Experience building and supporting Splunk configurations, dependencies, and forwarder management
• Experience building and supporting Splunk architecture and components (search head, deployment server, cluster master, indexers, forwarders (HF/UF))
• Experience working within product development teams and usage of tools like GitHub and Jira
• Advanced understanding of modern Linux operating systems (kernel, security, hardening, tuning)
• Advanced scripting skills with Python, Bash, SQL
• Experience writing and maintaining tools and scripts to support automation and operations.
• Experience in configuring centralized logging working with various log types and formats
• Experience with data normalization and data enrichment methods (CIM/Schemas)
• Knowledge of system and network architecture and interrelationships (technical and functional)
• Solid understanding of network technologies like DNS, Load Balancing, SSL, TCP/IP & HTTP/HTTPS.
• BS in Computer Science or related field with 5+ years of experience or MS in Computer Science or related field with 3+ years of experience
• Minimum 2 years of experience in Splunk management/admin; Splunk certifications are a plus
• 2+ years of automation using Unix Shell scripts, SaltStack, Puppet, Ansible etc.
• Experience with enterprise-scale operations and maintenance environments
• Familiar with both Windows and Linux-based OS
• Experience with syslog-ng is a plus
• Ability to be a Splunk language (SPL) expert
• Splunk Power User or Architect certification - preferred
• Industry recognized security certifications – preferred
• Preference for at least one current recognized security professional certification such as CISSP, CISM, CISA or ISO 27001 Lead Auditor
• Self-motivated and able to work in an independent manner
• Can-do attitude and team-first mentality
• Good communication (written and oral), interpersonal, organizational, multi-tasking, and time-management skills
• Ability to work with multiple teams in a fast-paced environment
• Built and/or maintained tools to get the job done
• Love to learn new things and strive to continuously learn and challenge yourself and others
• Lots of enthusiasm and the drive to learn and adapt to support business needs