Description
Splunk Engineer-Core Certified Consultant/ ES Accreditation Required (R-00101)
Team: Data/Analytics
Location: 100% Remote
Commitment: Full-Time
Workplace Type: remote
True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that those outcomes begin and end with our people, and that is what we have built a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top-tier services to our customers. Our culture and commitment have been recognized through numerous accolades, including being named one of the Best Places to Work in 2023 in two categories (“Prosperous and Thriving” ($5MM–$50MM in gross revenue) and “Mid-Atlantic Region” (DC, DE, MD, NC, VA, WV)), and again in 2025 as a Best Places to Work honoree. In addition, True Zero earned coveted spots on the Inc. 5000 list of fastest-growing companies in America in 2022, 2023, and 2025, a testament to our sustained growth driven by our people-first approach and unwavering dedication to excellence.
Job Responsibilities
- Implement RBA: Develop and implement RBA strategies within Splunk ES to reduce alert noise and focus on high-fidelity alerts.
- Develop RBA components: Build and implement actionable alerts, workflow actions, risk incident rules, and risk scores.
- Create dashboards and reports: Design custom dashboards to visualize risk scores and provide context for analysts.
- Correlate data: Use Splunk's capabilities to correlate disparate events to identify patterns of risky behavior.
- Build custom solutions: Develop custom machine learning (ML) models to augment alerting and create automated workflows to improve efficiency.
- Content Development: Develop advanced security content, including dashboards, reports, and alerts, to highlight risk details, health analysis, and risk suppression specific to RBA environments.
- Data: Collaborate with application and system owners to onboard new data sources (e.g., from Windows, Linux, cloud services like AWS/Azure) and ensure proper parsing and enrichment for effective analysis within RBA.
- Correlate various data sources, such as logs from operating systems, applications, and cloud providers, into Splunk to feed RBA models.
Preferred/Required Qualifications
- Core Certified Consultant is a requirement
- Technical Expertise: Deep technical expertise in Splunk administration, architecture, and Search Processing Language (SPL).
- Security Knowledge: Strong understanding of security operations, threat detection, incident response, and security frameworks (e.g., NIST RMF).
- Preferred relevant Splunk certifications are a plus such as:
- Splunk Core Certified Power User
- Splunk Enterprise Certified Admin
- Splunk Enterprise Certified Architect
- Splunk ES
- Scripting: Proficiency in scripting languages like Python, PowerShell, or Bash for automation and data analysis.
- Willingness to collaborate within an agile environment
We’re actively searching for talented security and technology practitioners who are ready to experience the True Zero difference. As a True Zero team member, you'll enjoy:
- Competitive salary, paid twice per month
- Best in class medical coverage
- 100% of medical premiums covered by True Zero
- Company wide new business incentive programs
- Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)
- 3 weeks of PTO starting + 11 Paid Holidays Annually
- 401k Program with 100% company match on the first 4%
- Monthly reimbursement of Cell Phone and Home Internet costs
- Paternity/Maternity Leave
- Investment in training and certifications to broaden and deepen your technical skills
There are more than 50,000 engineering jobs:
Subscribe to membership and unlock all jobs
Engineering Jobs
60,000+ jobs from 4,500+ well-funded companies
Updated Daily
New jobs are added every day as companies post them
Refined Search
Use filters like skill, location, etc to narrow results
Become a member
🥳🥳🥳 452 happy customers and counting...
Overall, over 80% of customers chose to renew their subscriptions after the initial sign-up.
To try it out
For active job seekers
For those who are passive looking
Cancel anytime
Frequently Asked Questions
- We prioritize job seekers as our customers, unlike bigger job sites, by charging a small fee to provide them with curated access to the best companies and up-to-date jobs. This focus allows us to deliver a more personalized and effective job search experience.
- We've got over 200,000 jobs from 15,000+ vetted companies. No fake or sleazy jobs here!
- We aggregate jobs from 15,000+ companies' career pages, so you can be sure that you're getting the most up-to-date and relevant jobs.
- We're the only job board *for* software engineers, *by* software engineers… in case you needed a reminder! We add thousands of new jobs daily and offer powerful search filters just for you. 🛠️
- Every single hour! We add 2,000-3,000 new jobs daily, so you'll always have fresh opportunities. 🚀
- Typically, job searches take 3-6 months. EchoJobs helps you spend more time applying and less time hunting. 🎯
- Check daily! We're always updating with new jobs. Set up job alerts for even quicker access. 📅
What Fellow Engineers Say