True Zero Technologies
  • Rockville, MD, USA
  • Full Time

full benefits package

True Zero Technologies is seeking a Splunk Engineer to join their team.

Required Skills:

  • Splunk Admin/Power User certification (Architect certified preferred)
  • Security Engineering background building Security Content in Splunk
  • Experience working alongside Security Operation Centers and Security Analysts
  • Experience designing and implementing ground-up distributed Splunk installations, including all Splunk server roles (Search Heads, Indexers, Heavy Forwarders, Universal Forwarders, etc.)
  • Experience with advanced configuration of Splunk, including Indexer Clustering and Search Head Clustering.
  • Experience maintaining and administering enterprise Splunk implementations.
  • Experience developing custom Splunk content including scheduled searches, reports, dashboards, etc.
  • Proficient at data on-boarding activities, including custom parsing rules and building custom Technology Add-Ons that conform to Splunk's Common Information Model (CIM).
  • Experience configuring indexes, index routing, retention policies, etc.
  • Experience working in Linux and Windows environments, with the ability to configure:
    • Storage subsystems (e.g. partitioning, Volume Groups, Logical Volumes, etc.)
    • SELinux
    • Familiarity with different flavors of Linux distros (RedHat, CentOS, Ubuntu, etc.)
    • File permission settings (Linux/Windows)
  • Excellent written and oral communication skills; ability to work closely with multiple customers, manage expectations, and track engagement scope.

Ideal Skills:

  • Splunk Certified Field Readiness Training (CFRT, previously known as SCCII)
  • Splunk Architect II certification
  • Splunk Enterprise Security Implementation certification (Level 1 or 2)
  • Splunk IT Service Intelligence certification
  • Understanding of syslog daemon configuration principles, ideally with syslog-ng and rsyslog configurations.
  • Cloud experience (AWS, Azure, etc.)
  • Development and API experience (Python, Perl, XML)
  • SaltStack, Ansible, and other enterprise automation tool experience.
  • Hardware and storage experience (SAN, NAS, etc.)

The candidate will be involved in developing Security Content in Splunk's Enterprise Security SIEM tool and will work closely with Security Analysts and Incident Responders to collect requirements and tune and develop detections. The candidate will be responsible for documenting new content and providing continual tuning activities in support of the SOC. In addition, the candidate will work with the engineering team to administer an existing large Splunk environment.

As a TZT consultant, the candidate will receive access to the full knowledge base, which is driven by the TZT community, as well as the technical backing of the entire PS team. TZT encourages collaboration and growth through information sharing and knowledge workshops. The candidate will also have access to our internal Slack channel to stay connected with the team, as well as the necessary tools to train, demo, test and grow their professional skills.

Type of experience required for the job:

U.S. Citizenship is required, as this position is in support of a Federal customer. We are looking for a Splunk engineer with experience managing and configuring Splunk environments, performing data on-boarding, developing custom content on the Splunk platform, and applying troubleshooting methodologies, with the ability to walk customers through the requirements-gathering phase and develop appropriate system designs.
