Foundry Cyber Splunk Engineer Senior Consultant

Profile

87,485

Job Information

Deloitte

Foundry Cyber Splunk Engineer Senior Consultant

in

Philadelphia

Pennsylvania

Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Managed Security Services including identifying unauthorized activities and intrusions in their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results?

If yes, then Deloitte's Foundry Managed Security Services team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte's Foundry MSS business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization in order to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace.

Our team is client focused and mission driven. As a Splunk Engineer in Deloitte's Foundry Managed Security Services, you'll work with our diverse teams of passionate professionals to help solve for some of today's toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk.

Work you'll do

As a Splunk Engineer you will be managing and providing Splunk health and operational support, including supporting to architecture changes, app development & deployments and advanced content development.

You will be closely working with Security Operations Center (SOC), Content, TIA and ThreatConnect teams as an advanced escalation point in identifying and addressing potential information security incidents leveraging Splunk Processing Language (SPL).

Perform Splunk configuration management, and troubleshooting, addressing complex issues and day to day operations management

Onboard security relevant data sources and develop new and custom parsers wherever a supported TA is not present

Perform Splunk architecture assessments and design reviews

Deploy and configure large scale Splunk infrastructure

Build custom Splunk app/TA based on customer requirements

Deliver Splunk advisory support and education to other SOC and technology management personnel

Assist in Security incident detection Use Case Roadmap development and update Use Cases in Use Case Repository

Build advanced Security Incident detection Use Cases, with or without Splunk ES

Create high quality and intuitive custom reports, dashboards using Splunk Processing Language (SPL)

Develop scripts, as needed, to simplify data collection and automate data onboarding tasks

Work on Splunk data models and make all ingested data CIM compliant

Create and/or perform quality review of HLUC, TUC, Use Case Testing, Parser, Runbooks, and other Technical documents

Create runbooks for analyst, guiding them to investigate notables/alerts

Provide 24/7 on-call support for Splunk infrastructure or performance related issues (as needed)

Mentor and train Junior Splunk Engineers

Coordinate with various technical groups and attend client meetings

Build relationships with client counterpart (i.e. Client Lead Security Engineer)

Adhere to internal operational security and other Deloitte policies

Participate in other short-term project work as assigned

Qualifications

Required:

Bachelor of engineering or Science in computers, information systems, information security, Math, decision sciences, risk management, or other business/technology disciplines or equivalent work experience

3 years' experience working as Splunk SME/engineer/developer.

Extensive experience in Splunk deployment, configuration, data ingestion, correlation alert creation, report and dashboard building on Splunk.

Knowledge of Splunk app development/config file customization

In-depth understanding on various Splunk components/configuration files

Strong analytical and problem-solving skills

Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc.

Understanding of common network infrastructure devices such as routers and switches Excellent interpersonal and organizational skills

Excellent oral and written communication skills

Understanding of basic networking protocols such as TCP/IP, DNS, HTTP

Limited immigration sponsorship may be available

Ability to travel 10%, on average, based on the work you do and the clients and industries/sectors you serve

Preferred:

Splunk certified Admin or Architect

Cyber Security Certifications from EC-Council, COMPTIA, SANS, (ISC)2 etc.

Exposure to Splunk Enterprise Security/Splunk UEBA/Splunk MLTK

Knowledge and familiarity with leading Public Cloud platforms such as Azure, AWS, GCP

#LI-DP3

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Company info

Deloitte Development, LLC
Website : http://www.deloitte.com