Falls Church, Virginia

Splunk Architect - 100% Remote

Job Specs

Cyber Defense

Job Description:

XOR Security is currently seeking a talented Splunk Architect to support the Security Operations Center of a federal customer.

We are seeking candidates who can deploy and maintain the backend architecture and develop content for a complex and growing Splunk infrastructure. This includes use cases for Dashboards, Reports, and Alerts, as well as Splunk Apps, Technology Add-ons, and the Common Information Model. The candidate will optimize data flow using aggregation, filters, etc. The candidate will need to participate in the operation of Splunk and Splunk ES, logging infrastructure, Windows and Linux servers, and backups as they support life-cycle management of the Splunk platform, including coordination and planning of upgrades, new deployments, and maintaining current operational data flows. In addition, the candidate must have demonstrable knowledge and technical ability managing Amazon Web Services systems.

The Splunk Engineer will support:

  • Preparation activities to include a use case workshop, requirements gathering and capacity planning
  • Splunk Core and Splunk ES Architecture Deployment
  • Amazon Web Service Deployed Splunk Environment
  • Linux-based platform
  • Data onboarding and normalization
  • Use case development and data visualization
  • Tuning of architecture, data streams, and use cases

Required Qualifications:

  • U.S. Citizenship
  • Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
  • Minimum of 3 years' experience in system integration, including the design, development, and enhancement of cyber systems
  • Minimum 5 years of experience with Splunk operations and maintenance
  • Must possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise
  • Must have demonstrated ability to build and implement event correlation rules, logic, and content in the security information and event management system with specific experience in the Splunk platform
  • Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors
  • Must have experience maintaining an event schema with customized security severity criteria
  • Must have experience creating scheduled and ad-hoc reporting with Splunk
  • Must possess a thorough and in-depth understanding of SIEM technologies and event collection mechanisms in the Windows and Linux operating environments
  • Demonstrated experience with Extraction, Transformation, and loading of data including skills in SPL and Regex
  • Deploying Sysmon in Splunk

Desired Qualifications:

  • Experience with Exabeam or Splunk UBA
  • Experience maintaining an event schema with customized security severity criteria
  • Experience with a cloud-based Splunk deployment
  • Experience supporting a Security Operation Center’s Splunk deployment
  • Experience as a Security Engineer and/or Security Analyst
  • Excellent problem-solving capabilities
  • Splunk Architect level cert or above
  • AWS Administration cert or above

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED