Splunk Engineer
Seattle, WA

Job Description

About Coalfire

As a trusted advisor and leader in cybersecurity, Coalfire has nearly 20 years in IT security services. We empower organizations to reduce risk and simplify compliance, while minimizing business disruptions. Our professionals are renowned for their technical expertise and unbiased assessments and advice. We recommend solutions to meet each client's specific challenges and build long-term strategies that can help them identify, prevent, respond, and recover from security breaches and data theft. We're on the cutting edge of one of the world's most important industries, and we protect our clients from ever-evolving security threats through our innovative advisory, auditing, and ethical hacking solutions.

The Cyber Defense Consulting group is one of the fastest growing teams within Coalfire and is currently seeking Splunk Engineers to support remotely or work in our Reston, Seattle, Dallas and Denver offices. Current Cyber Defense Engineers support clients ranging from the Fortune 50 to cutting-edge start-ups, presenting a wide variety of challenges and experiences as well as opportunities to travel across the U.S., Europe, Asia, and the Middle East.

What you'll do

In this role, you'll be responsible for deploying and optimizing Splunk for high-profile, large-scale AWS, Azure, and GCP-based solutions. You will be responsible for developing scalable Splunk architectures that will meet the needs of the client use cases, as well as compliance and security best practices in the client cloud environment. The implementation will be responsible for centralizing log ingest and establishing monitoring, dashboarding, and alerting of all client-related security events within the system boundary. With this centralized data, customers will be capable of meeting security best practices and compliance requirements, as well as supporting automated server routines and optimizing system performance.

In this role, you will:

* Serve as a technical expert supporting one or more customers and associated user groups to solve business and technical problems with specialized SIEM technologies
* Perform highly specialized technical tasks associated with cutting-edge deployment methods
* Serve as a technical task or project leader in the development of a best-of-breed SIEM deployment
* Support data on-boarding, create or enhance field extractions and add-ons for commonly used fields
* Create scripts as appropriate to retrieve information from external sources, or from the SIEM itself
* Provide routine reporting from the aforementioned technical implementation and improvements of the dashboards, portals, field extractions, and add-ons
* Maintain current knowledge of relevant developments in area of expertise
* Create formal documentation such as reports, training material, slide decks, and architecture diagrams
* Communicate with customer stakeholders to include leadership, support teams, and system administrators
* Provide guidance to junior engineers and clients by advising on best practices
* Function as a member of the engineering team participating in technical assessments and cyber advisory for a variety of clients in both commercial and Federal markets
* Assess client security posture using automated tools and manual review of systems and architecture
* Participate in internal and external security trainings and conferences

What you'll bring

* Bachelor's degree (four-year college or university) in an IT-related field or equivalent combination of education and experience
* 2+ years of work experience with Linux and/or Windows system administration and cyber security
* 1-2 years of direct experience with Splunk performing deployments and optimization of all components (Indexers, Search Heads, Deployment Servers, Cluster Masters, Universal Forwarders, etc.)
* Experience with distributed Splunk environments (not single-box deployment)
* Cloud environment experience (AWS, Azure, GCP, etc.)
* Strong proficiency in Bash
* Knowledge of cloud-native system monitoring, notifications, and logging tools (e.g. Icinga, CloudWatch, Tivoli, Vegas, CloudFront, Logstash, etc.)
* Ability to travel up to 10%

Bonus Points

* Proficient knowledge of NIST-based compliance frameworks (FedRAMP, FISMA, etc.)
* Understanding of best practices with regard to AWS, Azure, and GCP systems development processes
* Experience with Splunk Enterprise Security (Splunk ES)
* Proficiency in other scripting languages (e.g. Ruby, Python, Perl, etc.)
* Experience collaborating with and/or partnering with infrastructure service providers
* Basic understanding of software/application development processes
* Experience building cloud node instances for development, test, and production environments
* Experience building sophisticated and automated infrastructure
* Experience developing and maintaining auto scaling and cloud load balancing capabilities
* Understanding of access management and security groups (e.g. LDAP, IAM, S3 bucket, CloudTrail, SSH, VPN, etc.)
* Splunk Certified Admin, Splunk Certified Architect (preferred), or Splunk Certified Consultant (I/II)

Why you'll want to join us

Our people make Coalfire great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve. Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. We're connected by our desire to innovate and our goal of helping to make the world a more secure place.

Coalfire's high energy, challenging, and fast-paced work environment will keep you engaged and motivated. Work-life balance is a core priority at Coalfire - we work hard and we play hard, and the two often overlap. We host family-friendly events and happy hours along with professional meetups and informal networking sessions, and we're active in our communities. Plus, we offer great benefits, including:

* Flexible paid time off (employees are encouraged to spend four weeks away from the office each year)
* Health, dental, and vision insurance with an employer contribution
* A generous 401(k) plan
* Semi-annual bonus program based on personal and company performance
* Tuition and training/certification reimbursement

Coalfire is an EEO employer.
