SOC L3 Analyst

Job Title: SOC L3 Analyst

Location(s): New Jersey, NJ

Overview:

• The Splunk Level 3 Engineer will be responsible for ensuring the successful deployment, operation, optimization, and troubleshooting of Splunk environments.
• This role requires in-depth technical knowledge of Splunk's advanced features, system architecture, integration with other tools, and performance tuning.
• As a senior technical expert, the Splunk Level 3 Engineer will provide leadership and mentoring to junior engineers and assist in problem resolution, root cause analysis, and driving continuous improvement of Splunk operations within the organization.

Splunk System Administration:

• Manage, configure, and support Splunk environments (indexers, search heads, forwarders, etc.).
• Perform regular upgrades and patches to ensure systems are running on the latest versions of Splunk.
• Monitor and ensure the health, performance, and scalability of Splunk deployments.
• Troubleshoot complex Splunk issues, including indexing, search performance, and deployment problems.

Log Data Integration & Parsing:

• Develop and maintain Splunk inputs, data forwarding, and data parsing mechanisms.
• Integrate a wide variety of data sources, including security devices, networking equipment, applications, and more.
• Optimize event collection and processing for efficient indexing and search performance.

Search Optimization & Query Performance:

• Optimize Splunk queries (SPL - Search Processing Language) for speed and efficiency.
• Troubleshoot slow or inefficient searches and recommend improvements to data models, indexing strategies, or search queries.
• Design and implement advanced Splunk queries, alerts, and dashboards for security, performance monitoring, and operational intelligence.

Splunk Security Monitoring:

• Design, implement, and maintain security and compliance use cases using Splunk.
• Integrate Splunk with security technologies (SIEM tools, firewalls, intrusion detection/prevention systems, etc.).
• Perform advanced threat hunting, incident response, and security data analysis within Splunk.

Technical Support and Troubleshooting:

• Provide L3 technical support to internal teams and clients for complex issues, including performance problems, data indexing, and search issues.
• Participate in root cause analysis and post-incident reviews for major Splunk-related incidents.
• Provide on-call support for Splunk incidents as needed.

Architecture & Best Practices:

• Design and implement Splunk architectures that are scalable, highly available, and fault-tolerant.
• Recommend and implement Splunk best practices for large-scale, enterprise-level deployments.
• Collaborate with other teams (network, security, storage, cloud, etc.) for seamless integration and optimal Splunk operations.

Documentation & Reporting:

• Develop and maintain documentation related to Splunk deployment, configuration, and troubleshooting procedures.
• Generate reports, dashboards, and alerts that provide visibility into system health, security posture, and performance metrics.
• Prepare detailed technical reports for leadership and stakeholders.
• Mentorship & Collaboration:
• Mentor junior-level Splunk engineers, sharing knowledge and helping with professional development.
• Work closely with cross-functional teams (DevOps, Security, IT) to design and implement solutions using Splunk technology.
• Participate in knowledge-sharing sessions and improve team performance through collaboration.

Required Skills & Qualifications:

Experience:

• 5 years of hands-on experience with Splunk administration, deployment, and troubleshooting in large, distributed environments.
• In-depth knowledge of Splunk architecture (forwarders, indexers, search heads, cluster setup).
• Proven experience integrating Splunk with various data sources (syslog, APIs, cloud services, etc.).
• Strong experience with Splunk query language (SPL), data models, and dashboards.

Technical Skills:

• Proficiency in Splunk Enterprise and Splunk Cloud deployment, configuration, and maintenance.
• Experience with Splunk deployment techniques, including forwarders, indexers, and clustered environments.
• Strong understanding of security log management, SIEM, and security operations workflows.
• Experience with systems administration, especially Linux/Unix-based environments. Advanced troubleshooting and performance tuning in Splunk.

Certifications (Preferred):

• Splunk Certified Admin or Architect.
• ITIL Foundations or equivalent IT service management certifications.

Tools & Technologies:

• Experience with additional log management and SIEM tools is a plus (e.g., ELK stack, Graylog, etc.).
• Familiarity with cloud platforms (AWS, Azure) and cloud-native logging systems.
• Scripting and automation skills (Python, Bash, PowerShell, etc.).

Soft Skills:

• Strong analytical and problem-solving abilities.
• Excellent written and verbal communication skills.
• Ability to work in a team-oriented, collaborative environment.
• Ability to prioritize and manage multiple tasks and projects.
• Strong attention to detail and commitment to quality.