Splunk Enterprise Security (ES) Implementation Specialist

Ellington Solutions is seeking out qualified candidates that will:

• Oversee the comprehensive deployment, configuration, and operational implementation of Splunk ES to support the expansion of our cybersecurity program.
• Take charge of onboarding various data sources, fine-tuning correlation searches, tailoring security content, and facilitating actionable security insights throughout the organization.
• Plan and execute the implementation of Splunk ES, which includes gathering requirements, designing the architecture, and carrying out the deployment.
• Onboard and standardize log data from diverse sources (such as firewalls, endpoint security systems, and cloud platforms) to comply with the Common Information Model (CIM).
• Configure and optimize Splunk ES's correlation searches, dashboards, and notable event rules to address specific business security needs.
• Work in collaboration with security operations and engineering teams to integrate threat intelligence feeds, ticketing systems, and SOAR platforms.
• Create and document procedures for incident detection, alert triage, and response workflows utilizing Splunk ES.
• Continuously enhance the performance, storage, and detection capabilities of ES to minimize false positives and enhance signal quality.
• Offer training and support to analysts and other stakeholders on effectively utilizing Splunk ES for threat detection and investigation.
• Keep informed about emerging threats and Splunk security best practices to consistently improve detection capabilities.

The qualified candidate will have:

• US Citizenship (Required)
• A minimum of Secret clearance (Required)
• A minimum of 3 years of practical experience with Splunk, particularly in Enterprise Security (ES).
• Comprehensive understanding of log data, SIEM architecture, and core cybersecurity principles.
• Experience in data onboarding and normalization processes utilizing Splunk CIM.
• Demonstrated capacity to compose and enhance SPL (Search Processing Language) queries.
• Knowledge of security use cases, including threat detection, insider threats, compliance requirements, and vulnerability monitoring.
• Strong analytical and problem-solving abilities, coupled with a keen attention to detail.
• Exceptional communication and documentation skills.
• Possession of Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Enterprise Security Certified Admin).
• Experience in integrating SOAR platforms or automation tools.
• Understanding of regulatory compliance frameworks (e.g., PCI-DSS, HIPAA, NIST).
• Familiarity with threat intelligence platforms and data feeds (e.g., STIX/TAXII, MISP).