Splunk Engineer

We have an opportunity with a Federal Government Department where their Digital Strategy & Cyber Security branch is seeking to engage a Splunk Engineer to lead the engineering, administration and tuning of a highly complex Splunk environment.

This is a 12-month contract role, with the possibility of a further 12 months extension. The preference is to have someone located in Canberra, ACT, however remote working may be suitable to support the requirements of this role and the Department will support flexible working hours and location, based on the skills and experience of the right Candidate.

Please note, to apply applicants must have the following:

• The requisite skill and experience defined below,
• Must be an Australian Citizen with Baseline Security Clearance,
• At least 5+ year's relevant local working experience in the field.

Role background:

The Splunk Engineer will be responsible for maintaining the overall Splunk architecture and the effectiveness and efficiency of the SIEM. This includes proficiency in managing search heads, indexers, deployment servers and heavy forwarders. To assist the mission of the SOC, a strong understanding of Enterprise Security and SOAR is required. The Splunk Engineer will work closely with other members of the SOC and Cyber security team.

The Splunk engineer should also demonstrate advanced knowledge of Splunk Cloud and the configuration of federated search. The Splunk engineer will engage with end users, external teams and vendors to gather requirements, troubleshoot issues, and provide support for the creation of Splunk search queries and dashboards. The Splunk engineer will require good understanding of ITIL and change processes.

Key Responsibilities:

• Manage Splunk Cloud environment application updates, dashboarding, integrations and health checks
• Onboard new data/log sources
• Run queries and searches to inform SOC requests
• Perform data quality and data model assessments on a periodic basis
• Maintain Heavy Forwarding logging infrastructure
• Maintain existing on premise Splunk enterprise and SOAR - including patching, application updates integrations and health checks
• Assist in playbook and automation maintenance
• Assist in Use Case development
• Investigate technologies to assist with vulnerability analysis and remediation efforts
• Stay up-to-date with the latest security threats, vulnerabilities, and trends in the cybersecurity industry.

Notes:

• Only shortlisted candidates will be contacted.
• Your daily rate will depend on skills and experience.
• Flexible (hybrid) working hours and location, based on skills and experience, will be considered.
• Start date is likely to be late February 2024.

If you feel this role is for you, then please press "Apply" now -->