Listing Description
XOR Security is currently seeking a talented Splunk Security Engineer to support the Security Operation Center of a federal customer.
We are seeking candidates who can deploy and maintain the backend architecture and develop content for complex and growing Splunk infrastructures across multiple customers. This includes use cases for Dashboards, Reports, and Alerts, as well as Splunk Apps and Technology Add-ons, and making data Common Information Model compliant. The candidate will optimize data flow using aggregation, filters, etc. The candidate will need to participate in the operation of Splunk and Splunk ES, logging infrastructure, Windows and Linux servers, and backups in support of life-cycle management of the Splunk platform, including coordination and planning of upgrades, new deployments, and maintaining current operational data flows. In addition, the candidate must have demonstrable knowledge and technical ability in managing Amazon Web Services systems.
***This is a REMOTE role!
The Splunk Engineer will support:
- Preparation activities to include use case workshops, requirements gathering and capacity planning.
- Splunk Core and Splunk ES Architecture Deployment
- Splunk Cloud and Splunk Security Cloud
- Amazon Web Service Deployed Splunk Environment
- Linux based platforms
- Data onboarding and normalization
- Use case development and data visualization
- Tuning of architecture, data streams, and use cases
- Splunk Universal Forwarder configuration and deployment
Required Qualifications:
- U.S. Citizenship
- Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
- Minimum of 3 years’ experience in system integration, including the design, development, and enhancement of cyber systems
- Minimum 5 years of experience with Splunk operations and maintenance
- Must possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise.
- Must have demonstrated ability to build and implement event correlation rules, logic, and content in the security information and event management system with specific experience in the Splunk platform
- Must have demonstrated ability to tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors.
- Must have experience creating scheduled and ad-hoc reporting with Splunk
- Must possess a thorough and in-depth understanding of SIEM technologies and event collection mechanisms in the Windows and Linux operating environments.
- Demonstrated experience creating or modifying Splunk Apps/TAs using regex/sed in configuring props/transforms.
- Strong understanding of Linux, Windows, Oracle, and other operating systems.
- Strong Splunk SPL and dashboard building skills.
- Linux networking troubleshooting skills.
- Experience with security tools such as packet capture solutions, IDS/IPS, and endpoint protection software.
- Experience deploying and configuring rsyslog or syslog-ng.
- Certifications: Splunk Admin, Splunk Architect, or Splunk Consultant
Desired Qualifications:
- Experience creating and deploying Ansible playbooks
- Experience using and deploying Cribl
- Experience with Exabeam or Splunk UBA
- Experience maintaining an event schema with customized security severity criteria
- Experience with a cloud-based Splunk deployment
- Experience supporting a Security Operation Center’s Splunk deployment
- Experience as a Security Engineer and/or Security Analyst.
- Excellent problem-solving capabilities.
- Splunk Architect level cert or above
- AWS Administration cert or above
Closing Statement:
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation, and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided