Splunk Solutions Engineer

We are searching for a Splunk Service Engineer to add to its cybersecurity team in support of the United States Postal Service. The successful candidate will experience an unparalleled large-scale hybrid-cloud environment with over 800 IT systems generating millions of digital transactions in support of a diverse user base spread across the entire US. Join the NikSoft team to scale your career to the next level.

Responsibilities:

Splunk Solutions Engineer is responsible for tuning and configuration of Splunk Core and Splunk Enterprise Security (ES) services, develop use cases with CISO end users to build content and assist in developing advanced security use cases. Participate in requirements gathering, solutions architecting, design and build of technology solutions to support Continuous Monitoring Program. Assist, train, and host workshops for CISO teams. Support off-hours and weekend efforts for incident investigations and systems maintenance.

Required skills:

• Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool
• Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models
• Work with the Splunk Architect/Admin to promote private KO to Global KO
• Assist,  and/or train CISO Splunk Engineering team on Data Lifecycle Support
• Assist, train, and/or host workshops CISO teams and analysts on Searching and Content Development
• Develop and implement automation to improve efficiency of CISO workflows using Splunk
• Assist in development of advanced security use cases in Splunk
• Develop risk rules and risk incident rules to correlate and alert to significant cyber events.
• Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression.
• Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted)
• Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting
• Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.
• Understanding of network protocols, operating systems, applications, and device event telemetry
• Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills.
• Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc), endpoint defense tools (EDR, anti-malware) a plus
• Experience with SAAS- or cloud-hosted Splunk implementation a plus.

Required Qualifications:

• Bachelor's degree in Computer Science, Information Technology or related field.
• Minimum 2 years of experience working with Splunk and performing tasks described above.
• Thorough knowledge of data flow, client server and web-based systems, problem analysis and systems tuning; adept with network interfaces and technologies.
• 5 years of relevant experience in the cybersecurity domain.
• Strong communication skills in dealing with various stakeholders (technical and functional).
• US Citizenship or Green Card, with US based residency for at least the past 5 years to qualify for the USPS sensitive security clearance.

Job Type: Full-time

Benefits:

• 401(k) matching
• Dental insurance
• Employee discount
• Flexible schedule
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Referral program
• Vision insurance

Application Question(s):

• Due to needed security clearance, either U.S. Citizenship or Green card holder status is required. Are you either a U.S. Citizen or Green card holder?

Work Location: Remote