Splunk Security Engineer in Durham, NC at Booz Allen Hamilton Inc.

Date Posted: 11/2/2018

Job Snapshot

  • Location: Durham, NC
  • Experience: Not Specified

Job Description

Job Number: R0023127

Splunk Security Engineer

Key Role:
Develop security-focused content for complex client Splunk deployments, including complex threat detection logic, dynamic operational dashboards, and data source onboarding. Configure and deploy Enterprise Security, operate Splunk as a security information and event management (SIEM) or security event management (SEM) platform, and architect log management and ingestion solutions. Develop automation for security tools management and create customized searches and applications using programming and development expertise, including CSS, HTML, JavaScript, Python, shell scripting, and regular expressions. Act as a Splunk Search Language (SPL) expert, including developing network- or entity-based anomaly detection alerting logic in SPL using the Machine Learning Toolkit. Research security principles, host- and network-based security technologies, machine learning algorithms, and mitigation methods. Operate, develop for, and maintain Splunk log management infrastructure, apply knowledge of several security technologies, information security, and networking, and interact with clients. Assist with the management of Splunk hardware infrastructure, oversee production support, design the Splunk system to accommodate growth while balancing performance, stability, and agility, and develop advanced scripts that manipulate multiple data repositories to support analyst requirements. Manage client expectations and develop advanced reports, scalable security management tools, and processes to meet the requirements of key stakeholders. This position may require travel to locations within the US.

Basic Qualifications:
- 5+ years of experience with IT
- 1+ years of experience with Splunk, network security, system security, or supporting security information and event management (SIEM)
- 1+ years of experience with rule and advanced logic creation in Splunk
- Experience with using scripting languages to automate tasks and manipulate data
- Experience with working in a large enterprise environment
- Knowledge of enterprise logging, including application, OS, and security technology logging
- Knowledge of regular expressions
- Ability to demonstrate SPL expertise
- Ability to travel up to 80% of the time
- BA or BS degree

Additional Qualifications:
- 1+ years of experience with performing hunt activities in an incident response role
- Experience with working in a commercial consulting or professional services environment
- Experience with enterprise-scale operations and maintenance environments
- Experience with programming a plus
- Experience with Python
- Experience with security tools, including Firewall, IDS, Active Directory, Nmap, Burp, Proxy, or Bro
- Knowledge of networking protocols
- BA or BS degree in CS, IT, or a related field
- Splunk Admin or Architect Certification

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.
