Role: Senior Security Engineer – Splunk
Location: Remote
Duration: Long Term Contract
Task Description
As a Senior Splunk Security Engineer, you will be responsible for leading the deployment and maintenance of the Splunk Security Information and Event Management (SIEM) solution within a 24x7x365 federal security operation. The Splunk Engineer will analyze our client's business requirements, systems, and networks and translate those specifications into a SIEM design that provides an efficient and effective SIEM solution within a federal cloud environment. The Senior Splunk Engineer will serve as the lead engineer for Splunk while providing mentorship and guidance to mid-level engineers.
Specific Job Duties Include
- Configuration, Deployment, and Maintenance of Splunk SIEM within a federal cloud environment
- Translate client requirements into technical design and implementation
- Configuration of Splunk in accordance with DISA STIG and CIS Benchmark requirements
- Recommend system and process improvements to continually enhance security operations
- Mentor and guide mid-level Security engineers supporting Splunk
- Assist security incident responders during system investigations
- Development of Dashboards and Reports within the Splunk SIEM
- Responding to tickets related to Splunk configuration changes and troubleshooting
Required Skills/Level Of Experience
- Minimum B.S. degree and minimum 7 years' experience
- 5+ years of Splunk Engineering / administration experience
- 3+ years of management of Splunk within a Federal environment
- Deep understanding of enterprise environments, specifically cloud-based and hybrid cloud environments.
- Knowledge of security frameworks such as MITRE ATT&CK, OWASP, and NIST
- Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and/or service requests.
- Strong written communication skills and the ability to articulate technical security analysis to a non-technical audience
- Understanding of possible attack activities such as network reconnaissance (probing/scanning), DDoS, malicious code activity, etc.
- Demonstrated expertise with the Splunk Machine Learning Toolkit (MLTK), Splunk Search Processing Language (SPL), and regular expressions
- Experience using scripting and web languages such as CSS, HTML, JavaScript, Python, and shell scripting to automate tasks and manipulate data
- Intermediate expertise with Red Hat Enterprise Linux (RHEL)
- 1+ years of experience leveraging Splunk or audit logs for incident response and user behavior analytics
- Experience with programming a plus
- Experience with security tool data, including network and host firewall logs, Tenable, and Tanium
- CompTIA Security+ Certification
Nice To Have Skills
- CISSP Certification
- Understanding and experience with FedRAMP Cloud Security Requirements