Lead Splunk Data Architect (JR0037325)

McKesson

Description

McKesson’s Global Security Analytics Lead will be a key member of McKesson’s global Information Security and Risk Management (ISRM) team responsible for delivering actionable insights within security data analytics platforms. This individual will be the SME for data analytics platforms such as Splunk Cloud and will be responsible for the architecture, operation and support of data analytics and related technologies.

Responsibilities

· Architect, engineer, implement, and administer SIEM solutions in a highly available, redundant, distributed computing environment.
· Perform SIEM/Splunk component deployment, configuration and troubleshooting across a variety of platforms both on-premises and in public clouds.
· Optimize the operation and performance of Splunk Indexers, Search Heads and Forwarders and other SIEM related technologies used for Cyber Defense.
· Integrate data feeds (logs) into SIEM/Splunk from on-premises and cloud deployed devices and applications.
· Develop SIEM content and support other content developers using your expert knowledge of SPL.
· Support and enhance cutting-edge machine-learning-based security analytics Splunk applications deployed on Splunk Enterprise Security.
· Monitor Splunk internal logs to identify and resolve potential performance issues.
· Automate frequently used processes and workflows with scripts and programs, using your development skills.
· Create technical documentation including SOPs and design documents related to system configurations, processes, and procedures.

Minimum Requirements:
Requires 10+ years of professional work experience
BS/BA degree or equivalent experience.

Critical Skills
· 5+ years of IT experience in a technical position as an engineer, architect or system administrator within a large-scale mission critical enterprise environment.
· 3+ years of direct hands-on experience installing, configuring and administering SIEM tools.
· Certified Splunk Power User, Administrator, Architect or Architect II
· CISSP or GIAC certifications preferred
· Proficiency with Linux platforms, including shell scripting. Red Hat preferred. Bash preferred.
· Experience deploying, configuring and maintaining Splunk at scale.
· Experience writing complex SPL queries for dashboards, reports and apps.
· Experience developing custom Splunk apps for end users.
· Experience automating repetitive and error-prone operations with scripting languages.
· Experience with additional logging/data pipeline technologies such as ELK, LogStash, Spark, Kafka, Fluentd, AWS Kinesis, etc.
· Experience deploying and developing content for Splunk Enterprise Security.
· Working knowledge of network infrastructure components (switches, routers, firewalls, proxies, load balancers, etc.)
· Team oriented with great communication and interpersonal skills.
· Ability to work on all aspects of large-scale projects including planning, prioritizing, executing, delivering, and sustaining.
· Experience working in an Agile environment using Scrum or Kanban methods.

Preferred/Desired Skills

· Professional experience developing software using C#, Java, Python or similar languages.
· Experience developing for and deploying to Public Cloud, AWS and Azure. Certification a plus.
· Experience or desire to explore cutting-edge data analytics platforms, such as Azure Sentinel.
· Working knowledge of machine learning concepts and experience with one or more Client platforms or toolkits.
