Deloitte Foundry Cyber Splunk Engineer Senior Consultant in Los Angeles, California
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Managed Security Services including identifying unauthorized activities and intrusions in their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results?
If yes, then Deloitte's Foundry Managed Security Services team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte's Foundry MSS business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization in order to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace.
Our team is client focused and mission driven. As a Splunk Engineer in Deloitte's Foundry Managed Security Services, you'll work with our diverse teams of passionate professionals to help solve for some of today's toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk.
Work you'll do
As a Splunk Engineer you will be managing and providing Splunk health and operational support, including supporting to architecture changes, app development & deployments and advanced content development.
You will be closely working with Security Operations Center (SOC), Content, TIA and ThreatConnect teams as an advanced escalation point in identifying and addressing potential information security incidents leveraging Splunk Processing Language (SPL).
Perform Splunk configuration management, and troubleshooting, addressing complex issues and day to day operations management
Onboard security relevant data sources and develop new and custom parsers wherever a supported TA is not present
Perform Splunk architecture assessments and design reviews
Deploy and configure large scale Splunk infrastructure
Build custom Splunk app/TA based on customer requirements
Deliver Splunk advisory support and education to other SOC and technology management personnel
Assist in Security incident detection Use Case Roadmap development and update Use Cases in Use Case Repository
Build advanced Security Incident detection Use Cases, with or without Splunk ES
Create high quality and intuitive custom reports, dashboards using Splunk Processing Language (SPL)
Develop scripts, as needed, to simplify data collection and automate data onboarding tasks
Work on Splunk data models and make all ingested data CIM compliant
Create and/or perform quality review of HLUC, TUC, Use Case Testing, Parser, Runbooks, and other Technical documents
Create runbooks for analyst, guiding them to investigate notables/alerts
Provide 24/7 on-call support for Splunk infrastructure or performance related issues (as needed)
Mentor and train Junior Splunk Engineers
Coordinate with various technical groups and attend client meetings
Build relationships with client counterpart (i.e. Client Lead Security Engineer)
Adhere to internal operational security and other Deloitte policies
Participate in other short-term project work as assigned
Bachelor of engineering or Science in computers, information systems, information security, Math, decision sciences, risk management, or other business/technology disciplines or equivalent work experience
3+ years' experience working as Splunk SME/engineer/developer.
Extensive experience in Splunk deployment, configuration, data ingestion, correlation alert creation, report and dashboard building on Splunk.
Knowledge of Splunk app development/config file customization
In-depth understanding on various Splunk components/configuration files
Strong analytical and problem-solving skills
Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc.
Understanding of common network infrastructure devices such as routers and switches Excellent interpersonal and organizational skills
Excellent oral and written communication skills
Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
Limited immigration sponsorship may be available
Ability to travel 10%, on average, based on the work you do and the clients and industries/sectors you serve
Splunk certified Admin or Architect
Cyber Security Certifications from EC-Council, COMPTIA, SANS, (ISC)2 etc.
Exposure to Splunk Enterprise Security/Splunk UEBA/Splunk MLTK
Knowledge and familiarity with leading Public Cloud platforms such as Azure, AWS, GCP
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.