Technical Consultant - Senior focuses on Splunk Custom Development
Digital Forensics and Incident Response (DFIR) responds to Security and Privacy incidents across business segments and supports objective and professional analysis and response to security policy violations. The ideal candidate will have excellent analytical skills, good communication skills (written and verbal), and intermediate-level technical skills.
This position will be responsible for creating and managing custom Splunk content in partnership with various customers and product owners in order to provide business and security value.
• Utilize Splunk to create custom content that will provide value to the customer
• Leverage Kanban methodology in support of an agile framework to develop content in accordance with established SLAs
• Utilize the DFIR Content Governance to ensure all content is compliant with the DFIR process, is inventoried, and aligns with naming standards and best practices
• Manage the lifecycle of all content, including operations and maintenance routines, to ensure the content's continued viability and relevance
• Work in partnership with primary and secondary stakeholders to develop dashboards, reports, alerts and tools in alignment with stakeholder requirements.
• Perform functional, user-acceptance, and regression testing in support of SDLC practices
• Ability to create Splunk custom queries, reports, dashboards, visuals, and alerts. Must be intermediate to advanced (3+ yrs direct experience minimum)
• Ability to research and recommend Splunk technical add-ons and applications to accomplish a goal (3+ yrs direct experience minimum)
• Ability to work with large data sets (3+ yrs direct experience minimum)
• Understand Windows logging taxonomy and event IDs (1+ yrs direct experience minimum)
• Previously an intermediate Windows system administrator (1+ yrs direct experience minimum)
• Must be process- and detail-oriented
• Ability to work in SharePoint and MS Office
• Familiar with agile concepts
• Familiar with Incident Response concepts
• Experience with one or more scripting languages such as Perl, Python and PowerShell required.
• Security and/or Networking familiarity or understanding preferred in any of the following:
• Basic routing principles and networking fundamentals
• Well-known protocols and services (FTP, HTTP, SSH, SMB, LDAP)
• Packet analysis tools (tcpdump, Wireshark, etc.)
• Keen ability to diagnose and troubleshoot technical issues; excellent problem-solving skills
• Associate’s Degree or equivalent from two-year College or technical school in Information Technology, Information Security/Assurance, Engineering or related field of study; at least 2 years of related experience and/or training; or equivalent combination of education and experience required.
• Minimum 5 years of general IT experience with a variety of operating systems including Windows, Linux or UNIX in a functional capacity.
• Minimum 3 years working as a Security Operations Center engineer leveraging Splunk to create custom content, including but not limited to alerts, reports, dashboards, and application research
• Minimum 1 year working as a Security Incident Response professional preferred
• Ability to work both independently and as part of a team with minimal supervision
• Excellent written and verbal communication skills required. Must be able to communicate technical details in a clear, understandable manner.
• Customer-oriented focus required, with a strong interest in client satisfaction.
• Solid understanding of Information Security and Networking required.
• The ability to pick up new technology or concepts very quickly required.
• Outstanding time management and organizational skills required.
Work Schedule: Flexible but close to standard business hours for CST
Global Technology Solutions, Inc. (GTS) is a provider of Information Technology Service Solutions, Telecommunications Services and Warehousing/Logistics. We focus on meeting the needs of our public and private sector clients by providing services in the following areas: Cyber Security/Information Assurance, Network Systems Integration, IT Services Solutions, Supply Chain/Logistics and Program/Project Management. We partner with our clients to research, analyze, interpret and understand their business. Our business philosophy is to provide superior value resulting in significant economic and operational benefits to the companies we support. We are successful in delivering results for our clients due to our focus on the company’s core services, demonstrated consistently by our investment in time, resources, technology, and processes.
Global Tech is ISO 9001-2008 certified, providing an excellent quality management system to effectively address all areas of our business and client engagements. ISO 9001-2008 accreditation gives us the quality system to deliver excellence in customer satisfaction. To further enhance our quality systems, Global Technology is in the process of implementing ISO 20000 and CMMI Level 3.
Global Technology Solutions selected SAP Enterprise Resource Planning software on which to operate, enabling the organization to more efficiently support and process client transactions and future organization growth.
We continue to improve and refine our core services to deliver cohesive, high value solutions and services and ensure that our offerings are in alignment with the strategic goals and objectives of our clients.