
Senior Splunk Consultant in St. Louis, MO at NextGen

Date Posted: 2/13/2018

Job Description

Digital Forensics and Incident Response (DFIR) responds to security and privacy incidents across the company's business segments and supports objective, professional analysis of and response to security policy violations. The ideal candidate will have excellent analytical skills, good written and verbal communication skills, and intermediate-level technical skills.
We define "content" as any specific custom alert, report, dashboard, or other such custom rule.

Responsibilities
This position is responsible for creating and managing custom Splunk content in partnership with various customers and product owners in order to provide business and security value.
• Utilize Splunk to create custom content that provides value to the customer
• Leverage the Kanban methodology within an agile framework to develop content in accordance with established SLAs
• Utilize the DFIR Content Governance process to ensure all content complies with the DFIR process, is inventoried, and aligns with naming standards and best practices
• Manage the lifecycle of all content, including operations and maintenance routines, to ensure the content's continued viability and relevance
• Work in partnership with primary and secondary stakeholders to develop dashboards, reports, alerts, and tools in alignment with stakeholder requirements
• Perform functional, user-acceptance, and regression testing in support of SDLC practices

Technical Requirements
• Associate's degree or equivalent from a two-year college or technical school in Information Technology, Information Security/Assurance, Engineering, or a related field of study; at least 2 years of related experience and/or training; or an equivalent combination of education and experience required
• Minimum 5 years of general IT experience in a functional capacity with a variety of operating systems, including Windows, Linux, or UNIX
• Ability to create custom Splunk queries, reports, dashboards, visualizations, and alerts; must be intermediate to advanced (3+ years of direct experience minimum)
• Minimum 3 years working as a Security Operations Center engineer leveraging Splunk to create custom content, including but not limited to alerts, reports, dashboards, and application research
• Ability to research and recommend Splunk technical add-ons and applications to accomplish a goal (3+ years of direct experience minimum)
• Ability to work with large data sets (3+ years of direct experience minimum)
• Understanding of the Windows logging taxonomy and event IDs (1+ years of direct experience minimum)
• Prior experience as an intermediate Windows system administrator (1+ years of direct experience minimum)
• Must be process- and detail-oriented
• Ability to work in SharePoint and MS Office
• Familiarity with agile concepts
• Familiarity with incident response concepts
• Experience with one or more scripting languages such as Perl, Python, or PowerShell required
• Security and/or networking familiarity preferred in any of the following:
  • Basic routing principles and networking fundamentals
  • Well-known protocols and services (FTP, HTTP, SSH, SMB, LDAP)
  • Packet analysis tools (tcpdump, Wireshark, etc.)
• Keen ability to diagnose and troubleshoot technical issues; excellent problem-solving skills