The Content Engineer is an experienced Big Data Architect with experience in Splunk, Elasticsearch, Logstash, Kibana (ELK), Beats and Hadoop. They work during normal business hours and are responsible for the development of content in Splunk. To operate at this level, an engineer should have a background in providing overall engineering and design support for large distributed Splunk environments (4 TB+ daily volume) consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles. The content engineer supports the full system engineering life cycle, including requirements analysis, design, development, integration, test, documentation, and implementation, following defined best practices and operational workflows.
- Partner with other enterprise teams to support data capture and advanced data analytics and forecasting efforts that enable proactive identification of issues. Work with a standing dev, threat and forensics team to develop content for use-case alerting.
- Develop advanced scripts for the manipulation of multiple data repositories to support analyst requirements.
- Responsible for designing, engineering, configuring and administering Splunk content.
- Assist in the proper operation and performance of Splunk, plug-ins, loggers and connectors, and build Splunk reports as and where required.
- Responsible for maintaining hardware and corporate infrastructures utilizing configuration management systems and responsible for operational maintenance.
- Create, optimize, and continuously evaluate security monitoring content (correlated searches/alerts) and develop dashboards with visual metrics for stakeholders.
- Design the Splunk or ELK system solution to meet growth while maintaining a balance between performance, stability, scalability and agility; provide recommendations and implement changes to optimize Splunk products in the production environment.
- Set up and configure Splunk search servers, deployment servers, clustered indexers, and forwarders, as required.
- Configure integration points and verify functionality in the technical evaluation environments.
- Define strategy and design around data collection, aggregation, and summarization processes, and integrate external data sources into Splunk or Logstash.
- Familiar with developing and configuring systems and servers to provide reliable tools for analysts.
- Mandatory Certifications: Splunk Certified Architect, and Elastic Search Engineer.
- Experience with Splunk, network security, system security, and supporting security information and event management (SIEM) systems.
- Demonstrated experience in the implementation of information engineering projects, systems analysis, design and programming using standard tools and methods.
- Windows sysadmin skills a plus.
- Degree in Computer Science, Information Systems, Engineering, Telecommunications, or other related scientific or technical discipline is desired.
- Demonstrated experience in the creation of complex detection and alerting logic and log source onboarding for security-focused.
- Strong Linux Systems Administration skills, including configuration, troubleshooting, and automation.
- Certifications Desired: Splunk Certified Architect II, and Elastic Search Engineer II.
- Four (4) additional years of general experience (as defined below) may be substituted for the degree.
Qualification & Experience:
- Degree or Honours (12+3 or equivalent)
- 5+ Years' Experience
Vacancy Type: Full Time
Job Location: Karachi, Sindh
Application Deadline: N/A