Splunk Security Architect

Company Description

LCN Services, LLC, based in San Francisco, is an IT services, reseller, consulting and managed services organization that has been providing infrastructure software solutions to organizations nationwide since 2000. Specializing in next-generation big data and security solutions, we assist clients in evaluation, selection, architecture, design, implementation, and management of their mission-critical IT and security initiatives. Our solution architects employ their advanced technical expertise to develop solutions for hundreds of industry-leading organizations in all verticals. We are seeking highly motivated individuals to join our team of highly talented and professional associates.

Job Summary
  • Job ID: 7771
  • Remote: Yes
LCN Services is looking for a talented Splunk Security (ES) Architect. The ideal candidate has experience deploying Splunk Enterprise Security and/or Splunk Phantom to provide value in both operations-centric and security-centric deployments.

Qualifications for the Role:

  • Robust experience in building, deploying, scaling, and troubleshooting the various facets of large scale Splunk clusters and supporting apps.
  • Proficiency with data ingest, data normalization (using community TAs, custom TAs or other solutions), search/query design and execution.
  • Proficiency with Splunk component utilization (e.g. Indexer loads and requirements, search head clustering, etc), component resourcing (e.g. underlying server specs), inter-component communications and tradeoffs (e.g. DNS vs IP tables, usage of SSL, etc) and underlying platform requirements.
  • Hands-on experience supporting/developing enterprise technology and network infrastructure
  • Familiarity with both Windows and Linux OS (RHEL, CentOS, Ubuntu)
  • Experience with SIEM technologies – implementation, tuning, troubleshooting
  • Understanding of networking protocols and network-level troubleshooting
  • Experience with developing and improving data pipelines
  • Solid understanding of data flow, data formatting/normalization, logging best practices and data forwarding between various security controls.
  • Experience with NOC and SOC operations
  • Hands-on experience with API integration across applications, networks, and cloud environments.
  • Splunk Certified Architecture certification is a major plus, but relevant experience or work history is also considered.
  • BS/BA in Computer Science, Engineering or relevant field experience.

Desired Skills:

  • Consultant/Architect experience
  • Phantom/SOAR Experience
  • Splunk Certified Architect, CISSP (preferred but not mandatory)
  • Strong verbal and written communication skills
  • A project focused mindset
  • Ability to travel: ~10%