Senior Splunk Security Systems Administrator

Rackspace

Job Details

Location: San Antonio, Bexar County, Texas, USA; Austin, Travis County, Texas, USA
Posted: Dec 10, 2019

Job Description

We are hiring a Senior Splunk Security Systems Administrator at Rackspace in San Antonio and Austin, Texas!

Rackspace is looking for candidates who have solid Splunk experience and can work collaboratively with diverse end users. Candidates will perform tier II support for the SOCs by providing expertise in the Splunk Enterprise Security SIEM as well as handling escalations from Splunk Security Analyst II. This includes working with data models, correlation searches, notable events, advanced searches and dashboards.

Responsibilities:

  • Administer Splunk Enterprise Security solution in a highly available, redundant, distributed computing environment
  • Create and optimize correlation searches
  • Assist SOC with optimization and creation of ad-hoc security searches
  • Work with Engineer to ensure all data is CIM compliant
  • Partner with the SOCs to ensure they are using best practices when using Splunk Enterprise Security
  • Perform content development to properly identify data feeding SIEMs and correlation of events
  • Assist in the proper operation and performance of Splunk, Search Heads and data models
  • Monitor Splunk Enterprise Security internal logs to identify and resolve potential performance issues
  • Provide recommendations and implement changes to optimize Splunk platform
  • Reproduce customer issues, file bug reports and escalate cases to Splunk support as necessary
  • Maintain Splunk systems internal documentation, including SOPs and design documents
  • Create technical documentation related to system configurations, process, procedure, and knowledgebase articles
  • Write and develop custom scripts and programs as needed
  • Develop scripts to interact with Splunk API as needed

Minimum Requirements:

  • 7+ years of IT experience in a technical position
  • 4 years of hands-on experience with Splunk Enterprise Security
  • Knowledge of and experience working with the Splunk API
  • Experience with one or more programming/scripting languages (e.g., Perl, Python, JavaScript)
  • Experience with scripting languages (Perl, Bash, PowerShell, Python, Shell)
  • Ideal candidate will have a strong background working as an Enterprise Security Analyst.

Education:

  • Bachelor’s degree in a technical field such as computer science preferred.
  • 4 years of Military Service or equivalent job experience may substitute for the degree requirement.
  • Certified Splunk Administrator/Enterprise Security

About Rackspace

Rackspace provides hybrid cloud-based services that enable businesses to run their workload in a public or private cloud.
