Senior SME – Splunk Architect/Engineer

Crownsville, MD
Posted 3 weeks ago

State of Maryland DoIT Security Operations Center (SOC)


Betis Group, Inc. is looking for a Senior Splunk Architect/Engineer with project lead experience and hands-on engineering experience. The Splunk Architect will be responsible for the planning, architecture, engineering, implementation, and support of security solutions for the State of Maryland DoIT Security Operations Center (SOC), with a special focus on Splunk Enterprise Security. This role will be responsible for performing the following tasks:

Position: Senior SME – Splunk Admin 

Job Responsibilities:

– Serve as the Lead for Splunk solutions and projects, gathering requirements, planning, proposing, and executing Splunk projects to successful closure
– Gap assessment and analysis of Splunk solutions and recommendation of improvement initiatives
– Architecture, design, implementation, maintenance, and support of Splunk Enterprise Security (ES) and Splunk Phantom
– Architect and design Splunk ES and Phantom with future growth in mind to ensure a balance between scalability, performance, stability, reliability, and agility
– Configuration management and control of maintenance architectural/design/functional changes to Splunk ES and Phantom
– Monitoring Splunk system updates and planning, reviewing, and executing patch/upgrade deployments
– Perform on-boarding of standard and custom data sources in Splunk and have a thorough knowledge of using regular expressions to create extractions
– Integration of threat intelligence feeds and other security tools to facilitate automation
– Support SOC playbook automation development and maintenance 
– Analyze security monitoring and reporting requirements and define, design, develop, and maintain/improve Splunk dashboards, reports, alerts etc. 
– Develop search queries to support incident investigation efforts and correlate events
– Performance monitoring and tuning of Splunk ES and Phantom
– Operations monitoring of Splunk ES and Phantom to ensure proactive issue identification and resolution
– Provide production and infrastructure support, root cause analysis, troubleshooting, health monitoring, etc. 
– Plan, define, and implement an effective and efficient data backup strategy
– Plan, define, and implement an effective and efficient data archiving strategy
– Defining, developing, implementing, and monitoring processes and procedures to support and maintain Splunk ES and Phantom

Education and Years of Experience: 

– At least ten (10) years of hands-on experience in LAN/Network Administration or System Administration
– At least five (5) years of Technical Lead experience on system management /deployment projects
– At least five (5) years of progressive hands-on experience in architecture, design, implementation, support of moderate to complex Splunk Solutions
– Bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering or related scientific or technical discipline

Required Skills/Certifications:

– Self-starter, able to gather requirements, plan, execute Splunk architecting and deployment efforts
– Able to perform gap analysis and initiate and execute architectural improvements
– Hands-on experience architecting, building, deploying Splunk instances. Working knowledge of Splunk Validated Architectures
– Hands-on experience administering, maintaining, and scaling Splunk instances
– Hands-on experience with scripting languages such as Perl, Python, or Bash
– Hands-on experience with Regular Expressions (RegEx)
– Must have working knowledge and understanding of network infrastructure components such as routers, switches, firewalls etc.
– Must have working knowledge and understanding of networking and switching protocols and infrastructure services; able to troubleshoot and identify DNS, NTP, routing, switching, and firewall issues affecting connectivity of Splunk instances
– Customer-oriented with excellent issue follow-through and resolution abilities
– Excellent written and oral communication, and presentation skills
– Ability to effectively work both autonomously as well as on a team
– Outstanding interpersonal skills, strong work ethic, and self-motivated
– Utilize tools and analytical skills to plan and execute technical changes

Desired Skills/Certifications:

– Splunk Certified Architect or Splunk Enterprise Security Certified Admin, or Splunk Phantom Certified Admin certifications
– Cisco CCNA, CompTIA Network+, or relevant industry networking certifications
– CompTIA Security+ or relevant industry security certifications
– Windows/Linux OS and MS SQL/MYSQL/Oracle DB Administration
– Experience in project task technical analysis, planning, and estimation
– Experience with technology capabilities market research, technical analysis/review, and recommendation

General Requirements:

– U.S. Citizenship required
– Location: Crownsville, MD 

Salary Commensurate with Experience

Job Category: Cybersecurity, Project Management
