Splunk Enterprise Security (ES) Consultant - remote

System One

Arlington, WI (remote)

JOB DETAILS
SKILLS
Bash Scripting, CIM (Common Information Model), Consulting, Content Development, Data Modeling, Debugging Skills, Editing, Enterprise Protection, File Maintenance, Forwarder, Linux Operating System, Metrics, Network Operations Center, Onboarding, Outsourcing, Perl Programming Language, Python Programming/Scripting Language, Regular Expressions, Reporting Dashboards, Risk, Scripting (Scripting Languages), Security Information and Event Management (SIEM), Service Delivery, Software Administration, Splunk, Team Player, Trend Analysis
LOCATION
Arlington, WI (remote)
POSTED
7 days ago
Remote – offsite
Responsibilities
  • Develop custom detection content: correlation searches, notable events, alerts, reports, and visualizations to surface threat activity
  • Build and maintain Splunk Apps and Technology Add-ons (TAs)
  • Onboard new data sources and normalize them to the Common Information Model (CIM)
  • Optimize data flow and ingestion using aggregation, filtering, and pipeline tuning
  • Configure notable event actions, action menus, and Adaptive Responses
  • Tune detections to cut noise and surface what matters, including risk-based alerting where applicable
  • Build dashboards that highlight anomalies, trends, and security and operational metrics
  • Support and optimize large distributed clustered Splunk environments (search heads, indexers, forwarders, deployment servers)
  • Partner with the client's security and SOC teams, and debug complex integration and configuration issues
  • Document processes, procedures, and key engineering decisions
Requirements
  • Several years of hands-on Splunk experience, with real ES implementation, content development, and tuning
  • Strong SPL and regular expressions
  • Scripting in Python, Perl, or Bash
  • Solid grasp of CIM and data onboarding and normalization at scale
  • Experience supporting clustered Splunk environments in SOC or NOC settings
  • SIEM data modeling experience on a platform at scale
  • Proficiency in Linux, including editing and maintaining Splunk config files and apps
  • Comfortable working consultatively with client teams and explaining the why behind the work
  • Splunk certifications (Core Certified Consultant, ES Certified Admin, Architect) are a plus but not required
  • Demonstrated ES delivery experience carries more weight than paper
System One, and its subsidiaries including Joulé and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.
System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.



Ref: #856-Baltimore-S1


About the Company

System One

Every day, System One focuses on services and solutions that require a high degree of specialization, in-demand technical skills, and large-scale operational expertise. We are essential partners to those on the front lines of our nation’s most critical infrastructure, technology, and life sciences initiatives. 

Founded more than 40 years ago as a staffing partner to the engineering industry, today System One is a diversified organization operating in over 50 locations and putting more than 9,000 people to work in the United States, Canada, and the United Kingdom.

COMPANY SIZE
2,500 to 4,999 employees
INDUSTRY
Staffing/Employment Agencies
WEBSITE
https://systemone.com