What are the responsibilities and job description for the Splunk developer position at Opes solution?
Role: Splunk Intel Developer
Duration: Long term contract
Location: Wilmington, DE (Onsite)
Experience: 8
We are seeking an experienced and skilled Splunk Intel Developer to join our team and play a key role in integrating threat intelligence into Cribl and Splunk platforms. The ideal candidate will have a strong understanding of pipeline management in Cribl, experience with lookups, and a proven ability to work with large datasets, optimizing them for large retroactive queries. This is an exciting opportunity to leverage your expertise in Splunk content development and threat intelligence while helping to enhance the security capabilities of the organization.
Key Responsibilities:
- Threat Intelligence Integration: Integrate threat intelligence feeds and external threat data into Splunk and Cribl, ensuring effective correlation and analysis within security use cases.
- Cribl Pipeline Management: Manage and optimize data pipelines in Cribl, ensuring seamless integration of various data sources while maintaining high efficiency and scalability.
- Lookup Management: Work with Splunk lookups to enrich event data, leveraging threat intelligence to enhance data quality and accuracy for analysis.
- Data Optimization: Collaborate with teams to design and implement data ingestion strategies, ensuring large datasets are optimized for fast, efficient querying, particularly for retroactive queries.
- Splunk Content Development: Develop and maintain Splunk apps, knowledge objects, search queries, and dashboards to facilitate security analysis and alerting.
- Threat Detection and Correlation: Develop and implement custom detection rules and correlation searches that leverage threat intelligence data for proactive security monitoring.
- Collaboration: Work closely with security analysts, threat hunters, and other stakeholders to ensure that the integration of threat intelligence is aligned with organizational security objectives.
- Performance Tuning: Troubleshoot and resolve performance issues in Splunk searches, queries, and dashboards, ensuring high system availability and responsiveness under large query loads.
- Documentation: Create and maintain documentation on the integration processes, pipeline management, and content development for internal knowledge sharing.
Required Skills and Qualifications:
- Experience with Splunk: 5 years of experience working with Splunk Enterprise Security (ES) or Splunk Cloud. Hands-on experience in content development, including search queries, dashboards, alerts, and reports.
- Experience with Cribl: Proficient in managing and optimizing data pipelines using Cribl LogStream or similar data management tools. Knowledge of the ingestion process, filtering, and routing strategies.
- Threat Intelligence Integration: Solid understanding of threat intelligence concepts, including the integration of TI feeds into SIEM platforms like Splunk.
- Lookup and Data Enrichment: Experience working with Splunk lookups and field extraction to enrich data for enhanced search and analysis.
- Data Optimization: Demonstrated ability to manage and optimize large datasets for performance, particularly in high-volume environments. Experience with large-scale data queries and retroactive analysis.
- Security Experience: Strong knowledge of security operations, including threat detection, incident response, and use case development in Splunk.
- Scripting/Programming: Proficiency in Python, Shell scripting, or other programming languages for automating tasks and optimizing data flows.
- Analytical Skills: Ability to analyze large volumes of security data and distill actionable insights for security operations teams.
- Problem Solving: Strong troubleshooting and problem-solving skills, especially with large, complex datasets.
- Collaboration and Communication: Excellent communication skills with the ability to explain technical concepts to non-technical stakeholders and collaborate effectively across teams.
Preferred Qualifications:
- Splunk Certifications: Splunk Power User, Splunk Certified Admin, or Splunk Certified Architect certification is a plus.
- Threat Intelligence Platforms: Familiarity with commercial and open-source threat intelligence platforms (e.g., MISP, STIX/TAXII).
- Cloud Security Experience: Experience working in cloud environments, such as AWS, Azure, or GCP, and integrating cloud-native threat intelligence into Splunk.