Splunk SIEM Engineer
Resource Management Concepts, Inc. · Crane, IN · 2 wk ago
HybridInformation TechnologyFull-time
Key Responsibilities
- Lead the transformation of the Splunk environment into a fully functional SIEM platform
- Manage and optimize the data ingestion pipeline
- Audit existing data sources for relevance and efficiency
- Eliminate unnecessary data ingestion to control licensing costs
- Onboard and integrate new data sources
- Parse, normalize, and map ingested data to the Splunk Common Information Model (CIM)
- Configure, maintain, and optimize Splunk Enterprise Security (ES)
- Configure, maintain, and optimize Splunk security orchestration, automation, and response platform (SOAR)
- Develop and maintain correlation searches, detections, and use cases
- Create and tune alerts to improve fidelity and reduce false positives
- Create and tune dashboards and visualizations for operational awareness and trend analysis
- Maintain platform health and performance
- Perform system upgrades, patching, and capacity planning
- Manage intra Splunk certificates
- Manage the lifecycle of security content
- Continuously refine detections and correlation rules
- Enhance visibility and detection coverage based on emerging threats
- Ensure consistent SIEM operations regardless of hosting environment or infrastructure ownership
- Support ongoing security operations and future cybersecurity initiatives
Requirements
- A SecurityX, CASP, or equivalent DoD 8140 IAT-3 certification is required
- An interim DoD Secret security clearance or higher is required to start. Applicant selected may be subject to a security investigation and must meet eligibility requirements for access to classified information
- Hands-on experience with Splunk Enterprise and Splunk Enterprise Security (ES)
- Strong understanding of SIEM architecture, design, and operations
- Experience with log ingestion, parsing, normalization, and CIM mapping
- Proficiency in developing correlation searches, alerts, and dashboards
- Experience tuning SIEM content to reduce false positives and improve detection accuracy
- Familiarity with data onboarding strategies and license optimization
- Knowledge of cybersecurity principles, threat detection, and incident response
- Experience with system administration tasks including patching, upgrades, and performance monitoring
Preferred Qualifications
- Experience operating Splunk in distributed or multi-tenant environments
- Knowledge of data pipelines and log forwarding technologies (e.g., syslog, APIs, forwarders)
- Familiarity with frameworks such as MITRE ATT&CK
- Experience supporting Zero Trust or advanced security architectures
Benefits
- RMC differentiates itself from other firms through its investment in our employees.
- We invest our resources to train, certify, educate, and build our employees.
- This also includes a competitive paid vacation package with 11 paid federal holidays.
- We also offer high-quality, low-deductible healthcare plans, pet insurance, and a competitive 401K package.
- Salary at RMC is determined by various factors, including but not limited to location, a candidate's specific combination of education, knowledge, skills, competencies, and experience, as well as contract-specific requirements.