REMOTE Splunk Consultant in Orlando, FL at Vaco

Date Posted: 4/13/2021

Job Description

Vaco is looking for a Remote Splunk Consultant to come on board for a 2-3 month upgrade project.

Responsibilities:
The Splunk Consultant has a broad range of responsibilities, with a primary emphasis on SIEM operations. They will work closely with management, other senior security staff, the Security Operations Center (SOC), the Incident Response (IR) team, and other internal organizations, serving as the subject matter expert for SIEM-related activities across both traditional and virtual environments.
* Upgrade Splunk applications on all Splunk servers
* Upgrade Splunk Enterprise Security (ES) to the latest version
* Develop and maintain the technology roadmap for the deployment and ongoing operations of Splunk Enterprise Security software and appliance-based products across a large and diverse enterprise.
* Architect integrations of various data sources with Splunk
* Partner with various internal teams to develop and tune security monitoring in the SIEM.
* Serve as a key point of escalation for other security engineers and analysts, providing guidance and mentoring with an adaptive communication style that promotes learning.
* Create, or direct the creation of, operational security metrics via the most efficient method (e.g. dashboards, reports).
* Help drive security-related data collection methodologies across the enterprise.
* Be proactive in tracking information security trends, standards and practices to identify needs for enhancing or developing security solutions.
* Identify security considerations for the design and deployment of new applications, technologies, and solutions across the enterprise.
* Create, review, and revise use cases to support content within SIEM tools, working in partnership with the Detection team.
* Support investigations with respect to event analysis and forensics.
* Direct and propose new network monitoring and security operations to drive a risk-based approach to threat detection
* Design, develop, and implement SIEM ingestion pipelines that scale to the SIEM's data ingestion needs
* Recommend automation requirements to facilitate security event handling
* Review, prepare, or present executive-level key reporting around SIEM and detection
* Promote awareness of applicable security policies and standards.

Basic Qualifications:
* Minimum 5 years security operations experience in large global organizations.
* Minimum 5 years SIEM operations.
* Must have thorough knowledge of Splunk as a SIEM, including Splunk Enterprise Security architecture and operations.
* Must have thorough knowledge of information security components, principles, practices, and procedures.
* Must have thorough knowledge of web application, infrastructure, and internet security along with a general understanding of common operating systems, networking protocols, database, and application development.
* Minimum 2 years' experience with both private and public virtualization environments (e.g. AWS, Azure, GCP, VMware)
* Minimum 2 years' experience with scripting (e.g. Python or bash) and automation (e.g. Chef, Ansible, CloudFormation)
* Minimum 1 year designing, implementing and maintaining a 10TB+ multi-site Splunk Infrastructure
* Minimum 2 years designing, implementing, and maintaining a multi-site Splunk SmartStore-based indexing infrastructure in AWS.
* Minimum 2 years of API experience with AWS Kinesis, AWS SQS, and AWS SNS.

Preferred Qualifications:
* Knowledge of serverless pipelines in Azure, AWS and GCP to ensure scalability for log delivery to the SIEM.
* Knowledge of automation and orchestration integration with Splunk Enterprise Security
* Python preferred
* Prefer one of the following general certifications: CISSP, CISM, CISA or equivalent
* Prefer an application-specific certification: Splunk Certified Admin or IBM Certified Associate Administrator.
* Prefer an AWS Operations or Security certification.