Splunk Lead Engineer

Wabtec Corporation is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation and Faiveley Transport, the company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress, creating transportation solutions that move and improve the world. Wabtec has approximately 27,000 employees in facilities throughout the world. Visit the company’s new website at: http://www.WabtecCorp.com.

It’s not just about your career… or your job title…it’s about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters…do things that haven’t been done to make yours and someone else's life better? Wabtec has been doing that for decades and we will continue to do so! Through our people, leadership development, services, technology and scale, Wabtec delivers better outcomes for global customers by speaking the language of industry.

Summary:

The Enterprise Information security team is looking for a highly motivated Splunk Engineer reporting to the Senior Manager on the Incident Response Team as an escalation point identifying and addressing potential Splunk content security concerns. In this job, you’ll oversee Splunk Enterprise infrastructure and tune Splunk for optimal onboarding of data, performance, and capacity management.

Serves as the technical Splunk developer responsible for creating Security Information and Event Management (SIEM) content to monitor security events and detect potential security incidents across the enterprise. Responsible for SIEM content management, content creation, rule tuning, reporting and alert creation.

Duties and Responsibilities:

• Lead onboarding new data sources into Splunk, analyze data for any anomalies and trends, and build dashboards highlighting key trends by working with analysts and management.

• You will contribute to the design and delivery of a scalable and optimized SIEM/SOAR solution with the goal of real time threat detection with automated response capabilities.

• You will work with like-minded people on your team and in partnership with the Security Operations Center (SOC), Threat Intelligence, and Incident Management teams to help develop a pipeline of relevant and real-world threat detections and hunt use cases.

• Advise junior team members in the building of dashboards to fulfill stakeholder requirements.

• Assist in creating the performance alerts from the Splunk infrastructure or Splunk agents.

• Provide skillful knowledge within a Linux environment, editing and maintaining Splunk configuration files and apps.

• Work with Stakeholders to gather content or alerting requirements, perform content troubleshooting, and aid with the creation of Splunk search queries and dashboards as required.

• Interact with senior management, as necessary.

• Document and update the content process and maintain team project repository for team metric.

• Actively seek to improve and develop new content based upon observed security activity.

• Provide excellent customer service.

Minimum Qualifications: (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)

• Bachelor's degree in Computer Science or Business Administration, or relevant educational or professional experience.
• Minimum 4 years of related technology experience.
• Minimum 3 years of experience with Splunk Administration.
• Minimum 1 years of leadership/management experience.

Knowledge, Skills and Abilities:

• Work ethic: sense of ownership, ready to work on unattractive tasks/projects for the benefit of the company
• Resilience: not to be put down by failure / obstacles / rejection
• Willingness to invest time and effort into building long term relationships with stakeholders in IT services
• Critical thinking: looking for improvements, not accepting the way things are done for granted
• Ability to plan activities for oneself and others, understand dependencies between own work product and inputs to others 
• Analytical ability to dissect a problem and find a root cause
• Be highly empathic and passionate about creating successful teams and high trust environments.
• Be experienced in doing this remotely, as our teams are globally distributed.
• Be driven towards automating repetitive tasks for project teams, project management and scrum domains.
• Strong Working Knowledge of the Splunk Platform.
• Strong experience in analyzing, troubleshooting, and providing solutions for technical issues.
• Experience with Splunk Enterprise Security.
• Experience in Developing Splunk Dashboards, Report, Alerts, Visualizations and Optimize searches.
• Experience in requirement gathering and documentation.
• Experience in Log parsing, lookups, calculated fields extractions using regular expression(regex).
• Experience with Data Models
• Experience with writing correlated searches
• Hands-on Experience in Splunk Content Development.
• Determines methods and procedures on new assignments with minimal instruction,
• Excellent interpersonal and organizational skills.
• Understanding of all Splunk backend components
• Splunk Admin Certification

Physical Demands: (The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)

• Some lifting (up to 30 lbs.). 
• Long hours on computer keyboard.
• Prolonged periods of standing and/or walking. 

Wabtec Corporation is committed to taking on the world’s toughest challenges. In order to fulfill that commitment we rely on a culture of leadership, diversity and inclusiveness. We aim to employ the world’s brightest minds to help us create a limitless source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles…people like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.