OVERVIEW:
We are seeking a Splunk Engineer to join our team and support our mission critical customer in Reston, VA. As our Splunk Engineer, you will engineer, maintain, and fully support of AWS cloud-based deployment, hosting, enhancement, and support of centralized Splunk hosting environment. Provide technical documentation, coordinate with external systems interface owners for integration planning, and support technical reviews. Work with the program technical team to develop and deploy an enterprise Security Information and Event Management (SIEM) capability. Integrate Splunk with legacy and emerging capabilities, data sources, and meta data standards. Continually research and develop capabilities to collect, analyze, aggregate, and provide network topologies that depict network connections.GENERAL DUTIES:
- Continuous improvement of Splunk capabilities, automated processes, and visualizations to provide cybersecurity analytics
- Managing and enhancing enterprise defensive tools and capabilities using Splunk capabilities
- Developing and maintaining performance metrics dashboard
REQUIRED QUALIFICATIONS:
- Bachelor’s degree and 8 years of experience related to specific functional area
- CompTIA Security+ or equivalent IAT Level II certification
- CompTIA Cloud+ or equivalent CSSP certification
- Experience with multi-node Splunk instances including administration, deployment, and use
- Experience in the use of network monitoring tools with a strong understanding of network protocols
- Experience with log normalization and other scripting and parsing (including a variety of formats such as CEF, JSON, XML)
- Knowledge of creating dashboards for application monitoring
- Experience performing security analysis, development, and implementation of security policies, standards, and guidelines
- Experience in security related areas such as vulnerability management, penetration testing, cyber threat analysis, and fusion
- Experience with Amazon Web Services or other cloud environments
- Experience integrating with REST APIs and external data sources
- Working collaboratively across cross-functional teams of all experience levels
- Creating, maintaining, and updating related knowledge management and technical documentation
- Understanding of full audit compliance to Information Assurance (IA) standards and ensure compliance to ICS 500-27 for audit reporting.
DESIRED QUALIFICATIONS:
- CSSP Infrastructure Support Cloud+, CEH, CySA+, or equivalent certification)
- Certification or interest in pursuing Splunk certifications (Architect, Consultant I, Consultant II, and/or Administrator).
- AWS certification
CLEARANCE:
