Verizon Principal Splunk Engineer in Cedar Rapids, Iowa
What you’ll be doing...
The Principal Splunk Engineer is a critical part of our Enterprise Managed Security Services (MSS) team and will spend a majority of the time optimizing the Splunk back end platform, creating automated scripts for Splunk, advanced troubleshooting, and working with Security Analysts during complex network threat investigations.
The Managed Security Services team is responsible for protecting the client’s intellectual property, network and computing assets, employee data, and corporate brand from the threats seen in an evolving security landscape. You will be a technical resource for in-depth security incident analysis and security consulting for customers. You will be an expert in Splunk policy tuning, incident management, and security analytics.
Helping the Security Operations Center (SOC) team detect and respond to security incidents, investigate indicators of compromise and advanced persistent threats against the clients
Partnering with the client’s IT, Security Operations, and Incident Response teams to remediate these threats against their assets
Regularly reviewing the security policies and configurations on the platforms with the clients to meet the challenges posed to the client’s network and to mitigate with the existing technologies deployed
Providing advanced security incident analysis, research, and evaluation to complement the escalations provided by our SOC
Handling the backend Splunk administration and tuning
Developing and performing advanced or custom queries to correlate data across multiple systems or formats
Providing guidance and recommendations on risk and security posture at the client’s site
Providing functional expertise for customer projects that contain in-scope security requirements
Consulting, determining level of effort, specifying equipment, and implementing recommendations and guidance
Proactively or reactively generate proposals for recommended, corrective courses of action based on security incidents or RCA reports
Consulting with SOC support personnel on most pertinent security incidents, and providing customers with remediation recommendations
Consulting, mentoring and training internally to interact and assist other MSS personnel as a technical escalation point for complex security architecture review and operational enhancement
Using reports and summaries to identify ongoing items affecting customers or systemic problems in event generation, normalization, or presentation
Collaborating with IT development, intelligence teams, and content creation teams to identify and correct bugs, improve threat detection content, or introduce new features
Developing resolutions to complex problems that require the frequent use of creativity\
The ITIL certification is a departmental development benchmark. All security analysts and engineers are required to obtain an ITIL Foundation certification within one year of their start date.
What we’re looking for...
You’ll need to have:
Bachelor’s Degree orsix or more years of work experience as a Splunk Engineer, Analyst, or Architect
Experience with security incident analysis, intelligence collection, auditing, or reporting process/procedures
Experience scripting or coding in one or more languages such as Perl, Python, Bash/UNIX shell, and/or SQL
Experience with linux command line skills and experience with tools such as grep, awk, sed, yum, and/or apt
ITIL v3 certification, or the ability to obtain the certification within one year of hire date
Even better if you have:
Master’s Degree in Cybersecurity, Information Assurance, Computer Science or other technical field
Seven or more years of experience as a Splunk Engineer, Analyst, or Architect
Seven or more years direct experience in security incident analysis, intelligence collection, auditing, or reporting process/procedures
Splunk Certified Administrator or Architect
Expert level understanding of security threats and how to mitigate those threats
Administration experience with enterprise security products from vendors such as Fortinet, Palo Alto, Cisco, Check Point, Bluecoat, FirePOWER, Cylance, or Tanium
Experience performing data analysis using Elasticsearch/Kibana or Oracle BI
Experience using issue or project tracking tools such as Bugzilla, Jira, or similar
Experience using common software development tools such as git or mercurial
Experience deploying, securing, or managing virtual machines on VMware, OpenStack, Amazon Web Services, or Microsoft Azure
Current SANS, EC Council, or Offensive Security certification such as SANS Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), and/or Offensive Security Certified Professional (OSCP)
Trained on 3rd party analysis and policy definition
Experience driving process improvements and gap identification
Progressive experience with analytics and Firewall technologies with a focus on industry trends and technology advancements and how they relate to MSS
Exceptional problem solving skills and the ability to excel in high pressure environments
When you join Verizon...
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as, video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.
Equal Employment Opportunity
We're proud to be an equal opportunity employer- and celebrate our employees' differences,including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.