Talent.com
serp_jobs.error_messages.no_longer_accepting
Splunk Engineer

Splunk Engineer

Zotec PartnersMeridian, ID, US
job_description.job_card.variable_days_ago
serp_jobs.job_preview.job_type
  • serp_jobs.job_card.full_time
job_description.job_card.job_description

Splunk Security Engineer

At Zotec Partners, our people make it happen. Transforming the healthcare industry isn't easy. But when you build a team like the one we have, that goal can become a reality. Our accomplishments can't happen without our extraordinary people the men and women across the country who make up our diverse Zotec family and help make this company a best place to work. Over 25 years ago, we started Zotec with a clear vision, to partner with physicians to simplify the business of healthcare. Today we are more than 900 employees strong and we continue to use our incredible talent and energy to bring that vision to life. We are a team of Innovators, Collaborators and Doers. We're seeking a Splunk Security Engineer to join us.

We are seeking a skilled Splunk Security Engineer to join our Information Security team. In this role, you will be responsible for the administration, optimization, and support of our Splunk environment, including Splunk Enterprise, Splunk IT Service Intelligence (ITSI), Splunk Enterprise Security (ES), and Splunk Cloud deployments. You will work closely with cross-functional teams to enhance our security monitoring capabilities, develop dashboards, create efficient searches, and ensure the reliability of our Splunk infrastructure.

What you'll do :

  • Splunk Implementation and Maintenance

Administer and maintain our Splunk Enterprise environment and Splunk Cloud setup

  • Deploy, configure, and update Splunk Enterprise Security (ES) and IT Service Intelligence (ITSI)
  • Coordinate and configure new Splunk resources as needed
  • Configure and secure Splunk endpoints
  • Install, configure, and update various Splunk applications and add-ons from Splunkbase
  • Keep Splunk and Splunkbase apps up to date
  • Run periodic health checks on Splunk systems
  • Manage Splunk deployments to servers and workstations
  • Update user index permissions
  • Dashboard and Search Development

    • Design, develop, optimize, and maintain Splunk dashboards, reports, and alerts

  • Create and refine search queries using SPL to improve detection capabilities
  • Develop custom visualization solutions to meet specific business requirements
  • Create reusable dashboard components to ensure consistency across the environment
  • Implement role-based access controls for dashboards and reports
  • Provide training and support to end users on dashboard functionality
  • Assist team members with dashboard creation and search building
  • Extract complex fields from different types of log files using regular expressions
  • Data Ingestion and Management

    • Onboard and integrate new data sources into the Splunk environment

  • Setup Splunk Technical Add-ons (TAs) for ingestion
  • Configure and implement HTTP Event Collector (HEC) tokens
  • Setup proper parsing and field extractions for custom log types
  • Validate and refine Splunk license usage based on incoming logs
  • Work with development teams to implement logging standards for custom applications
  • Support cloud-based ingestion from AWS, Google Cloud, and SaaS platforms
  • Troubleshooting and Support

    • Troubleshoot Splunk-related issues and performance problems

  • Assist Security and Operations teams with incident investigations using Splunk
  • Provide on-call support during security incidents and investigations
  • Assist with Universal Forwarder troubleshooting
  • Perform analysis on log data and troubleshoot missing log errors from sources
  • Collaboration and Requirements

    • Participate in on-call rotation to support security investigations and assist with incidents as needed

  • Stay current with Splunk updates, security threats, and industry best practices
  • Other duties as assigned

    • What you'll bring to Zotec :

  • 3+ years of experience administering and supporting Splunk environments
  • Experience with Splunk Enterprise Security (ES) and / or IT Service Intelligence (ITSI)
  • Strong understanding of search processing language (SPL) and dashboard creation
  • Knowledge of log sources, parsing, and normalization techniques
  • Detailed technical knowledge of database and operating system security
  • Experience with Linux / Unix, Windows, and MacOS operating systems
  • Understanding of network security concepts and security monitoring
  • Strong analytical and problem-solving abilities
  • Excellent communication and documentation skills
  • Ability to work under pressure and adapt to changing priorities
  • Detail-oriented with strong organizational skills
  • Team-oriented and skilled in working within a collaborative environment
  • Ability to prioritize tasks and manage time effectively
  • Professionally exercises discretion and independent judgment in day-to-day work

    • Preferred :

  • Splunk certifications (Splunk Certified Admin, Architect, or similar)
  • Experience with cloud environments (AWS, Azure, GCP)
  • Experience integrating custom application logs and working with development teams
  • Knowledge of SIEM concepts and security frameworks (MITRE ATT&CK, NIST)
  • Advanced dashboard development skills including JavaScript, CSS, and XML
  • Scripting / programming experience (Python, PowerShell)
  • Familiarity with web-related technologies and protocols
  • Experience with Splunk Observability and Smartstore deployments

    • At Zotec, you will enjoy a network of highly experienced professionals in an environment where you can operate with autonomy yet have the resources and backing of other professionals in a similar role. Entrepreneurial and enterprising is the spirit of our team. If you are an original thinker and opportunity seeker, we'd like to talk to you! Learn more about our organization.

    serp_jobs.job_alerts.create_a_job

    Splunk Engineer • Meridian, ID, US