Splunk and SIEM Administrator

Location: Austin, Texas
The Collective Group is a nationally recognized leader in providing IT Infrastructure Services and Solutions in support of complex enterprise computing environments. Our clients range from Global 50 giants to mid-tier businesses highly dependent upon their IT infrastructure. We engage directly with end customers or, often, through our significant partner relationships, all of whom rely on us to architect, design, install and manage their complex products in the field.

We are seeking a Splunk and SIEM Administrator.
The SIEM administrator will work closely with Management, Senior Engineers, Solution Architects, and clients to deliver high-profile, critical services within the existing security service offering.
Responsibilities include:
  • Creation of procedures, implementation of processes and development of staff for maintaining security systems across our client’s environments.
  • Perform operational support tasks for Splunk systems, including incident break-fix support and standard service requests.
  • Work closely with Senior Engineers in supporting existing systems and initiatives.
  • Responsible for configuration of current enterprise security log source types into the SIEM.
  • Analyze and identify areas of improvement with existing processes, procedures and documentation.
  • Demonstrate the use of SIEM and Enterprise Security products to both technical and non-technical personnel.
  • Implement and configure SIEM software and appliance-based products in enterprise environments.
General requirements:
  • 2+ years of professional experience maintaining SIEM systems.
  • 1+ year of professional experience writing SIEM content.
  • College degree or equivalent training, with experience working in a Security Operations Center, Managed Security, or client network environment.
  • Information security knowledge in one or more areas such as enterprise endpoint security products (e.g. McAfee ePolicy Orchestrator, VirusScan, Anti-Spyware, Host Data Loss Prevention, Endpoint Encryption, etc.).
  • Knowledge of Linux, UNIX and Windows operating systems.
Security Information and Event Manager (SIEM) specific requirements to include:
  • SIEM platforms such as NitroSecurity, QRadar and RSA enVision, and log sources such as network firewalls, web proxies, and e-mail and web gateways, including Palo Alto / Check Point / Juniper / McAfee / Cisco / Blue Coat / Imperva.
  • Understanding of network architecture and implementation is a must; ideal candidate will have worked with network security analysis.
  • Experience with SIEM content creation, dashboard development, and reporting.
Splunk specific requirements:
  • Experience with Splunk version 6.3 and newer.
  • Splunk Enterprise Security
  • Splunk Power User
  • Splunk Admin
  • Proficiency in Search Processing Language (SPL).
  • Excellent time management, reporting, and communication skills.
  • Superior IT problem-solving skills.