- IMMEDIATE START!!
- Contract/Perm - Your Choice!
- Work Remotely From Home
FinXL IT Professional Services is a leading IT services organisation providing a broad range of solutions to assist large Australian enterprises and Government departments to deliver IT projects.
We are currently seeking someone with expertise in the Splunk ES skillset. Note that you must have Splunk Enterprise Security Certification or hands-on experience. The resource will be predominantly working in the security space, administering Splunk Enterprise Security and working with the SOC to perform integration and tuning for the platform.
- Configure, maintain, and create functionality on the Splunk ES platform
- Bring bulk data into Splunk ES CIM compliance
- Integrate data into ES notables
- Tune notables / detections for improved accuracy
- Create automations and frameworks to improve the effectiveness of Integration and Tuning team activities
- Work with platform owners and Splunk administrators to improve data and detection quality
Attributes + Experience
- Demonstrated experience with Splunk ES
- Experience with data ingestion/onboarding to Splunk using monitoring inputs, network inputs, scripted inputs and REST APIs
- Experience with the Splunk Machine Learning Toolkit preferred
- Splunk Architect Certification
- Splunk Enterprise Security Certified Admin
- Python development experience
- Experience undertaking OS level sysadmin tasks
- Agile working environment
- Problem Solving