Bachelor’s Degree in Information Technology or related field
6 years Splunk Content Development experience
Atlanta, GA or REMOTE
Active Public Trust Clearance
The Splunk Content Developer is responsible for developing, customizing, and configuring Splunk apps and dashboards. The candidate will build and integrate content in a Splunk Core and ES environment and provide technical support to NOC and SOC customers in order to detect, hunt, and mitigate cyber threats. The candidate must be able to interact with end users to gather requirements, optimize existing SIEM processes, and leverage Splunk technology to improve detection and analysis methods; review and recommend cyber security solutions to customer problems based on an understanding of product/system test results; and provide Splunk support and guidance to NOC and SOC analysts, improving their efficiency, while operating under deadlines and working on multiple tasks.
- Support the day-to-day operation of a highly available distributed multi-clustered multi-tenant Splunk deployment
- Create queries, dashboards, and visualizations to support customer requirements and monitoring of the Splunk deployment
- Develop custom functions utilizing REST endpoints and integrating technologies with Splunk
- Create and manage Splunk knowledge objects to include apps, dashboards, alerts, extractions, tags, workflow actions, and aliases
- Develop content with regular expressions, performing data interpretation, classification, and enrichment
- Develop reports for operational activities and to meet NOC and SOC customer requirements
- Apply excellent problem solving, critical thinking, and analytical skills, with the ability to deconstruct problems
- Provide the necessary resources and certified personnel with extensive knowledge of Splunk
- Flexibility to meet any threat scenario 24/7/365 as mission dictates
- Must be a US Citizen with an active DoD Public Trust Clearance
- Holds one or more Splunk certifications (Power User, Administrator, ES Developer, etc.)
- Experience or a desire to learn advanced SOC methodologies using Splunk ES
- Experience or a desire to learn NOC technologies