Diné Development Corporation

Senior SPLUNK SaaS Engineer

ID: 2025-5487
Company: RCN

Job Summary:

The Splunk SaaS Engineer (SE) will support a progressing team environment that supports the full system engineering life cycle, including requirements analysis, design, development, integration, scripting, programming, testing, documentation, and implementation following defined best practices and operational workflows. The SE will be a Cybersecurity team member and will install and maintain Splunk infrastructure, gather customer requirements, onboard data, and assist end users with searches, dashboards, reports, and knowledge objects. The SE will need to understand the importance of Knowledge Objects, how they give form to the chaos of raw data within Splunk, and how a multi-dimensional data structure is created. The SE will develop apps and add-ons and will collaborate with IHS stakeholders to define the objects to be created and developed, as well as with Splunk Professional Services to develop, execute, and implement a Splunk SaaS. The SE will assist in designing and implementing computer security strategies and architecture.

Job Duties and Responsibilities:

  • Manage multiple assignments with changing priorities, and work independently with little oversight
  • Build, implement, and administer Splunk in Windows and Linux environments
  • Work with existing and custom Splunk applications and add-ons to fulfill customer needs
  • Provide overall engineering and design support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles
  • Edit and maintain Splunk configuration files and apps
  • Provide operational support for Splunk Universal Forwarder on Linux and Windows endpoints
  • Create, manage, and support automation solutions for Splunk deployment and orchestration in on-premise and cloud environments

Job Requirements (Education/Skills/Experience):

  • Bachelor’s degree in Computer Science, Engineering, or a related field with a minimum of five years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in Cybersecurity
  • 3-5 years of experience with Linux and Windows system administration or an intermediate understanding of operating systems and common operating environments
  • Minimum of three years of experience with Splunk in distributed deployments
  • Current certification in at least one of the following:
    • Splunk Core Certified Consultant
    • Splunk Enterprise Certified Architect
    • Splunk Enterprise Security Certified Administrator
  • Experience implementing FISMA, NIST, NSA, and other information security, cybersecurity, and CDM-related industry policies, procedures, guidelines, standards, and best practices
  • Experience with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms
  • Proficient at data onboarding activities including routing, parsing, and normalizing events to the Splunk Common Information Model (CIM)
  • Proficiency in onboarding data using Splunk-developed add-ons for Windows, Linux, and common third-party devices and applications
  • Experience onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources
  • Proficiency in managing Splunk using the Splunk command-line interface
  • Proficiency in managing Splunk using configuration files
  • Excellent written and oral skills, ability to work closely with multiple customers, manage expectations, and track engagement scope
  • Experience collaborating with separate engineering teams to configure data sources for Splunk integration
  • Proficiency in implementing and onboarding data in Splunk DB Connect
  • Experience performing Splunk systems administration, including installation, configuration, monitoring of system performance and availability, upgrades, and troubleshooting
  • General networking and security troubleshooting (firewalls, routing, NAT, etc.)
  • Splunk implementation and troubleshooting experience
  • Experience in managing, maintaining, and administering a multi-site indexer cluster
  • Proficiency in developing log ingestion and aggregation strategies per Splunk best practices
  • Perform integration activities to configure, connect, and pull data with 3rd party software APIs
  • Proficient in regular expressions
  • Ability to autonomously prioritize and successfully deliver across a portfolio of projects
  • Expert in the Splunk M21-31 package from Splunk Professional Services
  • Well-versed in implementing Splunk SaaS, Splunk SaaS User Behavior Analysis, and Splunk SaaS Enterprise capabilities.
    • Expert in the SaaS Security Enterprise, User Behavioral Analysis, and Splunk SaaS

Even better if you have:

  • Strong interpersonal skills, including mentoring, coaching, collaborating, and team building.
  • Strong knowledge and understanding of business needs with the ability to establish/maintain a high level of customer trust and confidence.
  • Excellent decision-making ability, balancing what is right with what is realistic.
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
  • Demonstrated ability to lead through influence and to deliver results through others.
  • Strong verbal and written communication skills for various audiences, including proven ability to deliver conference presentations.
  • Work with various levels of project managers, modelers, data stewards, and architects to design data-loading processes and identify potential problem areas
  • Creative approach to problem-solving with the ability to focus on details while maintaining the "big picture" view.
