Splunk Architect

FR  ‐ Onsite

Description

Splunk Architect | France | Contract

Role Description

Goodman Masson are currently working exclusively on a new Splunk Architect position based in France, for a leading global Investment Banking organisation within their newly formed Threat Hunting Function.

Responsibilities

The Architect needs to have a proven understanding of Enterprise Splunk Security and Analytic Information modelling concepts, including the Splunk Common Information Model (CIM) and Splunk Data Models. This role is primarily project-based with varied areas of focus including architecture, deployment, platform expansion and the integration of data from various systems.

  • Work with global colleagues from both internal and external teams throughout the organisation to provide solutions via ongoing communications and consistent processes.
  • On-board and cleanse data sources using CIM best practices for field extraction and Splunk Data Model optimisations.
  • Complete environment tooling, configuration, build, and documentation tasks with a focus on quality and ongoing platform supportability.
  • Provide support for production platforms through health monitoring and root cause troubleshooting.
  • Develop tools to automate/improve existing processes and procedures in areas such as configuration management and run time tooling.
  • Assist in the design, architecture and implementation of Splunk infrastructure with a focus on a wide variety of areas spanning performance analysis, platform optimisation, monitoring/metrics gathering to facilitate reporting/tuning, upgrades, process management, capacity planning, and relevant documentation using the available tools in a fashion consistent with existing policies and procedures.
  • Participate in technology evaluations and play an active role in suggesting improvements based on technology trends, best practices, and industry standards.

Requirements

Essential:

  • Customer-focused Splunk Enterprise Security SIEM engineering background - SME knowledge of ES v4.7
  • Direct experience with Splunk Engineering and data integration
  • Prior SIEM Data modelling experience on similar platform at scale (>50 Servers)
  • Scripting and development skills in Python/Perl with deep comprehension of regular expressions.
  • Broad Linux/*nix Systems Administration experience.
  • Exceptional communication/interpersonal abilities as a flexible, self-driven team member.
  • Strong task management and organisational skills to ensure balance and timely completion of ongoing efforts.

Start date: ASAP
From: Goodman Masson
Published at: 16.05.2019
Project ID: 1771720
Contract type: Freelance