Verizon Principal Splunk Engineer in Alpharetta, Georgia

What you’ll be doing...

The Principal Splunk Engineer is a critical part of our Enterprise Managed Security Services (MSS) team and will spend a majority of the time optimizing the Splunk back end platform, creating automated scripts for Splunk, advanced troubleshooting, and working with Security Analysts during complex network threat investigations.

The Managed Security Services team is responsible for protecting the client’s intellectual property, network and computing assets, employee data, and corporate brand from the threats seen in an evolving security landscape. You will be a technical resource for in-depth security incident analysis and security consulting for customers. You will be an expert in Splunk policy tuning, incident management, and security analytics.

  • Helping the Security Operations Center (SOC) team detect and respond to security incidents, investigate indicators of compromise and advanced persistent threats against the clients

  • Partnering with the client’s IT, Security Operations, and Incident Response teams to remediate these threats against their assets

  • Regularly reviewing the security policies and configurations on the platforms with the clients to meet the challenges posed to the client’s network and to mitigate with the existing technologies deployed

  • Providing advanced security incident analysis, research, and evaluation to complement the escalations provided by our SOC

  • Handling the backend Splunk administration and tuning

  • Developing and performing advanced or custom queries to correlate data across multiple systems or formats

  • Providing guidance and recommendations on risk and security posture at the client’s site

  • Providing functional expertise for customer projects that contain in-scope security requirements

  • Consulting, determining level of effort, specifying equipment, and implementing recommendations and guidance

  • Proactively or reactively generating proposals for recommended, corrective courses of action based on security incidents or RCA reports

  • Consulting with SOC support personnel on most pertinent security incidents, and providing customers with remediation recommendations

  • Consulting, mentoring and training internally to interact and assist other MSS personnel as a technical escalation point for complex security architecture review and operational enhancement

  • Using reports and summaries to identify ongoing items affecting customers or systemic problems in event generation, normalization, or presentation

  • Collaborating with IT development, intelligence teams, and content creation teams to identify and correct bugs, improve threat detection content, or introduce new features

  • Developing resolutions to complex problems that require the frequent use of creativity

  • The ITIL certification is a departmental development benchmark. All security analysts and engineers are required to obtain an ITIL Foundation certification within one year of their start date.

What we’re looking for...

You’ll need to have:

  • Bachelor’s Degree or six or more years of work experience as a Splunk Engineer, Analyst, or Architect

  • Experience with security incident analysis, intelligence collection, auditing, or reporting process/procedures

  • Experience scripting or coding in one or more languages such as Perl, Python, Bash/UNIX shell, and/or SQL

  • Linux command-line skills and experience with tools such as grep, awk, sed, yum, and/or apt

  • ITIL v3 certification, or the ability to obtain the certification within one year of hire date

Even better if you have:

  • Master’s Degree in Cybersecurity, Information Assurance, Computer Science or other technical field

  • Seven or more years of experience as a Splunk Engineer, Analyst, or Architect

  • Seven or more years direct experience in security incident analysis, intelligence collection, auditing, or reporting process/procedures

  • Splunk Certified Administrator or Architect

  • Expert level understanding of security threats and how to mitigate those threats

  • Administration experience with enterprise security products from vendors such as Fortinet, Palo Alto, Cisco, Check Point, Bluecoat, FirePOWER, Cylance, or Tanium

  • Experience performing data analysis using Elasticsearch/Kibana or Oracle BI

  • Experience using issue or project tracking tools such as Bugzilla, Jira, or similar

  • Experience using common software development tools such as Git or Mercurial

  • Experience deploying, securing, or managing virtual machines on VMware, OpenStack, Amazon Web Services, or Microsoft Azure

  • Current SANS, EC Council, or Offensive Security certification such as SANS Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), and/or Offensive Security Certified Professional (OSCP)

  • Trained on 3rd party analysis and policy definition

  • Experience driving process improvements and gap identification

  • Progressive experience with analytics and Firewall technologies with a focus on industry trends and technology advancements and how they relate to MSS

  • Exceptional problem solving skills and the ability to excel in high pressure environments

When you join Verizon...

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.

REQNUMBER: 494105-1E