|Title:||Senior Splunk Engineer|
|Job Type:||Exempt (salaried)|
The Splunk Engineer must be able to meet the key criteria below:
- Location: Must be onsite in Greenbelt, MD
- Years’ Experience: 14+ years
- Education: Bachelors
- Clearance: Must be able to obtain and maintain a Public Trust
- Work Authorization: Must be authorized to legally work in the United States
- Key Skills:
- Preferred Certifications: Splunk Certified Administrator, Power User, Architect or Architect II
Do you want to help IBR build a portfolio of next-generation data collection systems? The Splunk Engineer will report to the SOC Director and Deputy Directory and will provide overall engineering and design support for a very large distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles. The Splunk engineer will support the full system engineering life-cycle, including requirements analysis, design, development, integration, test, documentation, and implementation following defined best practices and operational workflows.
The candidate should be familiar with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. The Splunk engineer should be familiar with Windows and Linux environments, editing and maintaining Splunk configuration files and apps.
The Splunk engineer will work with other Cybersecurity Engineering team members and will be required to interact with end users to gather requirements, perform troubleshooting, and provide assistance with the creation of Splunk search queries and dashboards. The Splunk engineer will be required interact with senior management, as necessary.
- Set up and configure Splunk search servers, deployment servers, clustered indexers, and forwarders, as required
- Configure Splunk integration points and verify functionality in the technical evaluation environment
- Document build procedures and customizations to provide inputs to functional and operational requirements
- Create custom reports for ingestion to RSA Archer Dashboard
- Demonstrate innovative influence for projects
- Problems faced are difficult and often complex
- Strong understanding of root causes of malware infections and proactive mitigation
- Strong understanding of lateral movement and footholds
- Strong understanding of data exfiltration techniques. Demonstrated ability in critical thinking, problem solving, and analytics
- Enjoy analyzing patterns looking for outliers
- Enjoy creating ways to find needles in haystacks
- Have real world experience analyzing complex attacks and understand TTPs of threat actors
- Define relationships between seemingly unrelated events through deductive reasoning
- Experience in network/host based intrusion analysis, malware analysis, forensics, and cyber threat intel
- Knowledge of advanced threat actors and complex attacks
- Possess excellent writing skills and the ability to communicate to technical and executive level staff
- Quick study with new tools
- Knowledge and experience with Splunk and other cyber tools
- Designing, engineering, configuring and administering Splunk content
- Assisting in the proper operation and performance of Splunk, plug-ins, loggers and connectors
- Building Splunk reports
- Developing dashboards with visual metrics for stakeholders
- Defining strategy and design around data collection, aggregations, and summarization processes
- Integrating external data sources into Splunk
- Enforcing best practices related to summarizing and querying data
- Developing advanced scripts for the manipulation of multiple data repositories to support analyst requirements
- Partnering with other enterprise teams to support data capture and advanced data analytics and forecasting efforts to support proactive identification of issues
- Providing recommendations and implement changes to optimize Splunk products in the customer environment
- Designing the Splunk system solution to meet growth while maintaining a balance between performance, stability, scalability and agility
- SIEM content management
- Ability to develop use cases, search and reporting scripts
- Create, optimize, and continuously evaluate security monitoring content (correlated searches/alerts) on Splunk ES.
- Demonstrated 7+ years knowledge and hands-on experience in security with an emphasis in engineering design, system analytics, operations and maintenance of a variety of security technologies used for security defense areas such as: network, storage/back, platforms (Windows/Linux Servers and desktops)
- 5 years of experience with Splunk, network security, system security, and supporting security information and event management (SIEM)
- Demonstrated experience in the implementation of information engineering projects; systems analysis, design and programming using standard tools and methods
- Create complex detection and alerting logic and log source onboarding for security focused content in our enterprise Splunk deployment.
- Ingest sources include: Networking (Load-Balancers, IPS, Firewalls), Operating Systems (Linux, Windows, UNIX), security tools, infrastructure, and applications.
- Engineer, configure, and deploy enterprise SIEM and log management solutions, develop automation for security tools management, and create customized searches and applications using programming and development expertise, including Java, Python, Shell scripting, and regular expression.
- Create and optimize Big Data correlations as a Splunk search language (SPL) expert.
- Optimize/Tune logging source streams.
- Provide guidance and support for existing security analytics.
- Develop solution and enterprise best practices for logging and monitoring.
- Work directly with cyber security teams to gather functional requirements, develop solutions which meet or exceed the requirements, and support the system.
- Promote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required standards and processes.
- Leverage knowledge on a number of security technologies to operate and maintain the Splunk log management infrastructure.
- Develop advanced reports to meet the requirements of key stakeholders and scalable security management tools and processes.
- The candidate must have experience in designing, implementing, and maintaining a fully operating SIEM solution.
- Strong technical knowledge of Amazon AWS products and services, such as EC2, BeanStalk, Lambda, VPC, Route53, Amazon FW, API Gateway, ELB, CloudTrail, CloudFront, and etc.
- Strong knowledge of information security concepts, trends, and practices
- Working knowledge of various network and security systems
- Familiarity with basic statistics/probability and Big Data analytics techniques such as SVM, logistics regression, Kmeans, and Naives Bayes.
- An ability to learn quickly, and a passion for solving technical problems
- Superior written and oral English communication skills is essential
- Highly developed, process-oriented skills for troubleshooting, problem solving, and problem resolution
- Good knowledge of networking concepts
- Familiarity with XML and HTML, CSS, XML tasks
- Ability to perform shell, Python and PERL scripts
- Prior supervisory or technical team lead experience
- Knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS)
- Deep technical understanding of operating systems, network architecture and design, Active Directory (AD) application log consumables, systems design as well as superior knowledge of technical operations process and procedures
- Knowledge of encryption, key management and cryptology
- Knowledge with the Risk Management Framework (NIST 800-37), Security Controls as described in NIST 800-35, and the Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines
- Practical knowledge of performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation
- Experience planning and implementing secure networking practices such as: application segmentation, network segmentation, NAC and other access control testing/validation, updating access control SOPs
- Ability to configure and develop an enterprise SIEM solution including signature tuning, development of correlation rules, reports, and alarms
Imagine Believe Realize, LLC (IBR) is an emerging small business focused on delivering software and systems engineering solutions to government and commercial clients. Our talent acquisition strategy is tailored to career seeking candidates who embrace continuous learning and desire to grow as a professional in the software/systems engineering industry. We strive to enhance our team members ability to thrive in the workplace by creating a proper work/life balance and first-class benefits package that includes:
- Nationwide medical, dental, and vision insurance
- 3 weeks of paid time off
- 10 paid federal holidays
- 401k matching
- Life insurance at no cost to our employees
- Short term disability insurance at no cost to our employees
- Long term disability insurance at no cost to our employees
- Health care flex spending accounts
- Dependent care flex spending accounts
- Training opportunities
- Education assistance opportunities
IBR is an Equal Opportunity and Affirmative Action Employer. It is our policy to offer employment opportunity to all persons without regard to race, color, age, national origin, religion, sex, gender identity/transgender status, veteran status, disability, genetic information, pregnancy, childbirth or related medical conditions, or any other status protected under applicable federal, state, or local law.
Learn more at http://www.teamibr.com