Bachelor’s Degree in Computer Science, Information Technology or Information Security.
Post-baccalaureate education, professional development and/or certification programs
3-5 years of experience in information security operations, data analysis, and/or related IT operational functions
3+ years using Splunk and/or Splunk ES
Required Skills, Knowledge and Abilities:
• Proven ability to support large-scale Splunk or similar event logging solutions (ArcSight, QRadar, LogRhythm, ESM…)
• Expertise in application monitoring and event log management.
• Extensive experience creating alerts, dashboards, and reports.
• Demonstrated ability to extract meaningful events from operating system, database, application and security platform data.
• Understanding of Unix/Linux and Windows operating systems.
• Certification in one or more of:
  o Splunk Enterprise
  o Splunk Enterprise Security
  o Threat Intelligence
  o Intrusion Detection or Response
  o Security Monitoring
• Demonstrable expert knowledge of Splunk best practices, security operations, workflows and processes.
• Demonstrable experience creating, designing and maintaining tools written in at least one major language: Python, Ruby, Java, Perl, etc.
• Experience working with APIs and custom scripting solutions to solve unique institutional problems.
• Excellent written and verbal communication skills are required, including the ability to explain impacts and strategies to business representatives when necessary.
Preferred Skills, Knowledge and Abilities:
• Data analysis and visualization background; experience presenting findings and telling stories with data in a professional or academic setting.
• Demonstrable knowledge of databases and data storage concepts.
• Understanding of Splunk ES information modelling concepts.
• Experience with machine learning concepts, packet analysis, and reverse engineering algorithms.