Splunk Architect | Luxembourg
Our Cyber Intelligence Centre (CIC) is a 24/7 managed security service that monitors and responds to cyber threats, helping organisations protect their networks, systems, applications, information and reputation in real time.
The Architect needs to have proven understanding of Enterprise Splunk Security and Analytic Information modelling concepts including the Splunk Common Information Model (CIM) and Splunk Data Models. This role is primarily project-based with varied areas of focus including architecture, deployment, platform expansion and the integration of data from various systems.
The role focuses on engineering the Splunk platform for internal and client groups and encompasses data onboarding, data engineering, structured field extractions, data model normalisation and use-case prototyping. These efforts will also require some amount of software development to properly manage complex data and to handle unique integration requirements for specific platforms.
- Work with global colleagues from both internal and external teams throughout the organisation to provide solutions via ongoing communications and consistent processes.
- Onboard and cleanse data sources using CIM best practices for field extraction and Splunk Data Model optimisation.
- Complete environment tooling, configuration, build, and documentation tasks with a focus on quality and ongoing platform supportability.
- Provide support for production platforms through health monitoring and root-cause troubleshooting.
- Develop tools to automate/improve existing processes and procedures in areas such as configuration management and run time tooling.
- Assist in the design, architecture and implementation of Splunk infrastructure, with a focus on a wide variety of areas spanning performance analysis, platform optimisation, monitoring and metrics gathering to facilitate reporting and tuning, upgrades, process management, capacity planning, and relevant documentation, using the available tools in a fashion consistent with existing policies and procedures.
- Participate in technology evaluations and play an active role in suggesting improvements based on technology trends, best practices, and industry standards.
- Customer-focused Splunk Enterprise Security SIEM engineering background - SME knowledge of ES v4.7
- Direct experience with Splunk Engineering and data integration
- Prior SIEM data modelling experience on a similar platform at scale (>50 servers).
- Scripting and development skills in Python/Perl with deep comprehension of regular expressions.
- Broad Linux/*nix Systems Administration experience.
- Exceptional communication/interpersonal abilities as a flexible, self-driven team member.
- Strong task management and organisational skills to ensure balance and timely completion of ongoing efforts.