SIEM Data Onboarding Engineer - JB - (3415)

This role demands a deep understanding of Splunk architecture, data onboarding, and user management to support business needs and security operations. Responsibilities Design, deploy, and manage Splunk infrastructure Develop and maintain Splunk dashboards, queries, and alerts Integrate Splunk with various data sources to ensure comprehensive data ingestion Monitor and troubleshoot Splunk performance issues Collaborate with cross-functional teams to gather requirements and provide Splunk solutions Implement and enforce best practices for Splunk data management and retention Provide user training and support for Splunk-related activities Job Requirements 2+ years of experience in managing and configuring Splunk, 2+ years of experience in Splunk architecture: indexers, search heads, forwarders, deployment server and 1+ year with Splunk REST API for automation and operational tasks 2+ years configuring Cribl sources, destinations, routes and collectors 2+ years building pipelines to parse, normalize, enrich, mask/dedup, and route data to Splunk and other targets and 2+ years authoring/maintaining props.conf, transforms.conf, inputs.conf, outputs.conf and packaging Apps/TAs 2+ years in Linux and Windows administration: file paths, services, permissions, and log locations 1+ year with basic familiarity with Cribl Redmap/JavaScript functions 1+ year with regex skills for field extraction and event breaking Active TS/SCI clearance; willingness to take a polygraph exam Associate’s degree and 5+ years of experience supporting IT projects and activities, OR Bachelor’s degree and 3+ years of experience supportin...