Zotec Partners
Splunk Security Engineer
At Zotec Partners, our people make it happen. Transforming the healthcare industry isn't easy. But when you build a team like the one we have, that goal can become a reality. Our accomplishments can't happen without our extraordinary people: the men and women across the country who make up our diverse Zotec family and help make this company a best place to work. Over 25 years ago, we started Zotec with a clear vision, to partner with physicians to simplify the business of healthcare. Today we are more than 900 employees strong and we continue to use our incredible talent and energy to bring that vision to life. We are a team of Innovators, Collaborators and Doers.

We are seeking a skilled Splunk Security Engineer to join our Information Security team. In this role, you will be responsible for the administration, optimization, and support of our Splunk environment, including Splunk Enterprise, Splunk IT Service Intelligence (ITSI), Splunk Enterprise Security (ES), and Splunk Cloud deployments. You will work closely with cross-functional teams to enhance our security monitoring capabilities, develop dashboards, create efficient searches, and ensure the reliability of our Splunk infrastructure.

What you'll do:
Splunk Implementation and Maintenance
- Administer and maintain our Splunk Enterprise environment and Splunk Cloud setup
- Deploy, configure, and update Splunk Enterprise Security (ES) and IT Service Intelligence (ITSI)
- Coordinate and configure new Splunk resources as needed
- Configure and secure Splunk endpoints
- Install, configure, and update various Splunk applications and add-ons from Splunkbase
- Keep Splunk and Splunkbase apps up to date
- Run periodic health checks on Splunk systems
- Manage Splunk deployments to servers and workstations
- Update user index permissions
Dashboard and Search Development
- Design, develop, optimize, and maintain Splunk dashboards, reports, and alerts
- Create and refine search queries using SPL to improve detection capabilities
- Develop custom visualization solutions to meet specific business requirements
- Create reusable dashboard components to ensure consistency across the environment
- Implement role-based access controls for dashboards and reports
- Provide training and support to end users on dashboard functionality
- Assist team members with dashboard creation and search building
- Extract complex fields from different types of log files using regular expressions
Data Ingestion and Management
- Onboard and integrate new data sources into the Splunk environment
- Set up Splunk Technical Add-ons (TAs) for ingestion
- Configure and implement HTTP Event Collector (HEC) tokens
- Set up proper parsing and field extractions for custom log types
- Validate and refine Splunk license usage based on incoming logs
- Work with development teams to implement logging standards for custom applications
- Support cloud-based ingestion from AWS, Google Cloud, and SaaS platforms
Troubleshooting and Support
- Troubleshoot Splunk-related issues and performance problems
- Assist Security and Operations teams with incident investigations using Splunk
- Provide on-call support during security incidents and investigations
- Assist with Universal Forwarder troubleshooting
- Perform analysis on log data and troubleshoot missing log errors from sources
Collaboration and Requirements
- Participate in on-call rotation to support security investigations and assist with incidents as needed
- Stay current with Splunk updates, security threats, and industry best practices
- Other duties as assigned
What you'll bring to Zotec:
- 3+ years of experience administering and supporting Splunk environments
- Experience with Splunk Enterprise Security (ES) and/or IT Service Intelligence (ITSI)
- Strong understanding of the Search Processing Language (SPL) and dashboard creation
- Knowledge of log sources, parsing, and normalization techniques
- Detailed technical knowledge of database and operating system security
- Experience with Linux/Unix, Windows, and macOS operating systems
- Understanding of network security concepts and security monitoring
- Strong analytical and problem-solving abilities
- Excellent communication and documentation skills
- Ability to work under pressure and adapt to changing priorities
- Detail-oriented with strong organizational skills
- Team-oriented and skilled in working within a collaborative environment
- Ability to prioritize tasks and manage time effectively
- Professionally exercises discretion and independent judgment in day-to-day work

Preferred:
- Splunk certifications (Splunk Certified Admin, Architect, or similar)
- Experience with cloud environments (AWS, Azure, GCP)
- Experience integrating custom application logs and working with development teams
- Knowledge of SIEM concepts and security frameworks (MITRE ATT&CK, NIST)
- Advanced dashboard development skills including JavaScript, CSS, and XML
- Scripting/programming experience (Python, PowerShell)
- Familiarity with web-related technologies and protocols
- Experience with Splunk Observability and SmartStore deployments

At Zotec, you will enjoy a network of highly experienced professionals in an environment where you can operate with autonomy yet have the resources and backing of other professionals in a similar role. Entrepreneurial and enterprising is the spirit of our team. If you are an original thinker and opportunity seeker, we'd like to talk to you! Learn more about our organization.