Information Security Unix Analyst, Splunk Ops (L09)

📋 Description

• • Join Synchrony Financial as an Information Security Unix Analyst, Splunk Ops (L09), a critical role within the Enterprise Logging Team. This team is the backbone of Synchrony's security and operational intelligence, responsible for managing and maintaining the company's extensive Splunk infrastructure. Your expertise will ensure that on-premises hosts, agents, and network feeds operate smoothly, securely, and efficiently, directly supporting vital business functions.
• • You will be instrumental in handling a wide range of responsibilities, from daily monitoring, proactive maintenance, and user support to executing complex upgrades and disaster recovery planning. The team's focus on reliability, performance, and cost-effectiveness is paramount, and your contributions will be key in preventing costly outages through continuous monitoring, automation, and swift incident response.
• • As a Level 2/3 support specialist, you will be the first line of communication for any critical outages or incidents, promptly alerting management via Teams or phone. Your role involves prioritizing tasks effectively and overseeing the daily logging operations within a global team, ensuring seamless operations across different time zones and regions.
• • A significant aspect of this position involves the operational components of the SYF Splunk Cloud stack. You will be tasked with developing new automation solutions to streamline processes and enhance efficiency. Furthermore, you will maintain both the on-premises Splunk infrastructure and the vast deployment of over 11,000 Splunk Universal Forwarders, ensuring they operate at an N-1 level for optimal performance and security.
• • Your responsibilities will extend to offering essential support to internal customers and senior leadership, acting as a subject matter expert for Splunk-related inquiries and issues. This includes managing Splunk Role-Based Access Control (RBAC), ensuring that users are granted access only to the necessary roles, thereby maintaining a strong security posture.
• • You will play a crucial role in planning and executing all Splunk upgrades, which may occur up to twice annually. These upgrades are often driven by the need to address security vulnerabilities and critical defects, ensuring the platform remains robust and protected against emerging threats.
• • Collaboration with Splunk Support will be a regular part of your duties, particularly for Cloud-based upgrades and resolving complex issues that require deploying changes to the environment. Your ability to troubleshoot effectively will be vital in restoring Splunk services as quickly as possible during any outages or incidents.
• • You will be responsible for fulfilling documentation and reporting requirements for audits, developing Standard Operating Procedures (SOPs), and creating Job Aids to support team knowledge and operational consistency.
• • This role demands strong troubleshooting skills to ensure the rapid restoration of Splunk services during critical events. You will also contribute to capacity management and indexing performance optimization, ensuring the Splunk environment can handle current and future data volumes efficiently.
• • You will leverage your proficiency in Splunk administration, including installation, configuration, upgrades, and troubleshooting, to maintain a high-performing and secure logging platform. A deep understanding of Splunk architecture, encompassing indexers, search heads, forwarders, and deployment servers, is essential.
• • Crafting and optimizing search queries using Splunk's Search Processing Language (SPL) will be a key activity, enabling effective data analysis and incident investigation.
• • Your knowledge of Splunk apps and add-ons, especially security-related ones like Splunk Enterprise Security (ES), will be leveraged to enhance the security monitoring capabilities of the platform.
• • You will utilize hands-on experience with automation tools such as CHEF, Ansible, and Terraform, along with CI/CD pipelines, to automate deployment and management tasks.
• • A solid understanding of Unix administration, command-line operations, and shell scripting is required for managing the underlying infrastructure.
• • User-level knowledge of ServiceNow for incident and request management, and Identity and Access Management (IAM) systems, will be beneficial for integrated workflows.
• • This role offers a unique opportunity to work within a dynamic financial services environment, contributing directly to the security and operational integrity of a leading consumer financial services company. You will be part of a team that values innovation, reliability, and continuous improvement, with opportunities for professional growth and development.