Certified Splunk UBA Engineer

at True Zero Technologies
  • Remote - United States

Remote

Cybersecurity

Mid-level

Job description

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that said outcomes begin and end with our people, and that is what we have built, a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top tier services to our customers. In 2023, True Zero was recognized as a “Best Places to Work” in two categories (“Prosperous and Thriving” ($5MM – $50MM in gross revenue) and “Mid-Atlantic Region” (DC, DE, MD, NC, VA, WV)) and in 2022, was recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies.

We are seeking a highly skilled and Certified Splunk User Behavior Analytics (UBA) Engineer to join our dynamic cybersecurity team. The ideal candidate will have hands-on experience in deploying, configuring, and managing Splunk UBA solutions within large enterprise environments. Expertise in behavioral analytics for security operations, combined with a strong understanding of advanced threat detection and insider threat programs, is critical.

As a TZT consultant, the candidate will receive access to the full knowledge base which is driven by the True Zero community as well as the technical backing of the entire TZT team. True Zero encourages collaboration and growth through information sharing and knowledge workshops. The candidate will also have access to our internal Slack channel to stay connected with the team as well as the necessary tools to train, demo, test and grow their professional skills.

Key Rosponisbilities

  • Design, deploy, and maintain Splunk UBA solutions to support enterprise-wide security initiatives.
  • Develop and tune behavior models to enhance detection capabilities for insider threats, compromised credentials, and advanced persistent threats (APTs).
  • Integrate Splunk UBA with Splunk Enterprise Security (ES) and other security tools to create comprehensive threat detection frameworks.
  • Perform regular UBA model tuning and system optimization to ensure peak performance and accurate alerting.
  • Develop and maintain documentation on UBA configuration, tuning methodologies, detection use cases, and response processes.
  • Collaborate with the Security Operations Center (SOC), Incident Response (IR) teams, and IT operations to build efficient threat detection and mitigation workflows.
  • Integrate z/OS log data and mainframe activity into Splunk for centralized security monitoring and behavior analysis.
  • Work closely with mainframe teams to understand z/OS-specific security requirements and ensure appropriate visibility and correlation.
  • Stay updated on the latest developments in behavioral analytics, insider threat detection, and Splunk UBA product updates.
  • Provide advanced troubleshooting and support for Splunk UBA and assist with the resolution of complex incidents.

Required Qualifications

  • Splunk UBA Certification and/or Splunk Enterprise Security Certification.
  • 3+ years of hands-on experience with Splunk UBA in large-scale environments.
  • Strong understanding of behavioral analytics and insider threat detection methodologies.
  • Experience integrating and customizing Splunk UBA use cases and threat models.
  • Proficiency in Splunk Core, Splunk Enterprise Security (ES), SPL (Search Processing Language), and data onboarding best practices.
  • Familiarity with enterprise logging practices and SIEM integrations.
  • Experience in security frameworks such as MITRE ATT&CK, NIST CSF, and ISO 27001.
  • Scripting experience with Python, Bash, or PowerShell for automation and data manipulation tasks.
  • Strong communication and documentation skills.

Preferred Qualifications

  • Experience with large-scale data ingestion and normalization across heterogeneousenvironments.
  • Working knowledge of IBM z/OS systems including SMF (System Management Facility) records, RACF (Resource Access Control Facility) logs, and integration of mainframe security data into SIEM platforms.
  • Familiarity with Machine Learning Toolkit (MLTK) in Splunk for custom analytic models.
  • Exposure to other behavioral analytics platforms or insider threat management tools.
  • Basic knowledge of mainframe security tools like ACF2, Top Secret, or similar.
  • Familiarity with integrating cloud data sources (AWS, Azure, GCP) into Splunk and UBA.
  • Hands-on experience with threat hunting and proactive detection strategies.
  • Experience with regulatory compliance requirements such as PCI DSS, HIPAA, SOX, etc.

Educational Requirements

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field; or equivalent work experience.
  • Splunk Professional certifications (Splunk Core Certified Power User, Splunk Enterprise Certified Admin) are a plus.

We’re actively searching for talented security and technology practitioners who are ready to experience the True Zero difference. As a True Zero team member, you’ll enjoy:

- Competitive salary, paid twice per month

- Best in class medical coverage

- 100% of medical premiums covered by True Zero

- Company wide new business incentive programs

- Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)

- 3 weeks of PTO starting + 11 Paid Holidays Annually

- 401k Program with 100% company match on the first 4%

- Monthly reimbursement of Cell Phone and Home Internet costs

- Paternity/Maternity Leave

- Investment in training and certifications to broaden and deepen your technical skills

Share this job:
Please let True Zero Technologies know you found this job on Remote First Jobs 🙏

Latest Jobs at True Zero Technologies

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply