Splunk SME

Overview

Remote
Full Time
Part Time
Accepts corp to corp applications
Contract - Independent
Contract - W2

Skills

Elasticsearch
Regulatory Compliance
Amazon RDS
Remote Desktop Services
Amazon Route 53
Amazon S3
Virtual Private Cloud
Virtual Private Network
Amazon EC2
Terraform
WAF
IPS
SIEM
Nessus
Palo Alto
Firewall
Security Controls
Payment Card Industry
HIPAA
Microsoft Azure
Cloud Computing
Information Security
ISO/IEC 27001:2005
CISSP
CISM
FedRAMP
SANS
Unix Administration
Amazon Web Services
Microsoft Windows
Dashboard
Analytics
Linux
Splunk
Cyber Security
Threat Analysis
Management
TIM
Supervision
Agile
Communication

Job Details

Splunk SMEs specializing in Splunk ES and XSOAR in Dallas, TX. Role is 100% remote. or required per terms of federal contract (ship preferred)

Duration: 5+ months, temp to perm

Skills (NONE/ADVANCED/EXPERT):

  • Experience using and configuring Splunk ES
  • Experience using and configuring XSOAR
  • Hands-on experience in Terraform IaC deployments and ability to implement security automation.
  • Good understanding of security controls related to regulatory requirements, such as NIST, PCI, ISO 27001, HIPAA compliance, etc.
  • Experience leading security and compliance efforts, with hands-on experience
  • Experience working in an AWS environment



Questions (must answer YES to ALL):

  • Do you have at least 5+ years of experience in the IT industry with strong technical knowledge of AWS infrastructure and security services (EC2, ELB, GuardDuty, Config, Inspector, Security Hub, RDS, Route 53, S3, VPC, VPN, TGW, CloudWatch, CloudTrail, EventBridge)?
  • Do you have hands-on experience in Terraform IaC deployments and the ability to implement security automation?
  • Do you have good technical experience managing products like Splunk Enterprise Security, Tenable Nessus, Palo Alto firewall, Cortex XSOAR?


Description:

  • At least 5+ years of experience in the IT industry with strong technical knowledge of AWS infrastructure and security services (EC2, ELB, GuardDuty, Config, Inspector, Security Hub, RDS, Route 53, S3, VPC, VPN, TGW, CloudWatch, CloudTrail, EventBridge).
  • Hands-on experience in Terraform IaC deployments and ability to implement security automation.
  • Strong experience working on enterprise security solutions such as WAF, IPS, DDoS, and SIEM.
  • Good technical experience managing products like Splunk Enterprise Security, Tenable Nessus, Palo Alto firewall, Cortex XSOAR.
  • Good understanding of security controls related to regulatory requirements, such as NIST, PCI, ISO 27001, HIPAA compliance, etc.
  • Architecture certification (Google, Amazon, Azure) from a major cloud platform.
  • Information Security certification is a plus: ISO 27001, CISSP, CISM or other equivalent.
  • Experience working on FedRAMP-compliant projects is a plus.
  • Splunk Skill Set:
    • Strong hands-on working experience in Splunk installation and UNIX management, and in Splunk architecture and components including search heads, indexers and forwarders.
    • Installed, configured, and maintained Splunk add-ons and apps such as, but not limited to, Splunk Add-on for AWS, Splunk Add-on for Windows, and Google Workspace for Splunk.
    • Creation of new dashboards, reports or analytics.
    • Managed a clustered environment with multiple indexers and search heads.
    • Administered both Splunk Enterprise and Splunk Enterprise Security.
    • Worked closely with various Security and Platform Engineering teams to onboard new data from various sources.
    • Creation of new alerts and custom rules.
    • Maintaining the security of Splunk and its related components and indexes.
    • Maintaining current patch levels for all Splunk components, including Linux host OS patching and upgrading.
    • Performing major version upgrades, including the Linux host OS and Splunk components, as necessary.
    • Troubleshooting and resolving Splunk issues as necessary.
    • Candidates with Splunk Enterprise Security Certified Admin or Splunk Certified Cybersecurity Defense Analyst certification will be preferred.
  • XSOAR Skill Set Requirements:
    • Experience in XSOAR with the ability to configure existing and/or create new Incident Types, Incident Fields, Classifications & Mappings.
    • Ability to build new or modify existing Playbooks, including implementation of Generic Polling and similar tasks.
    • Ability to configure and manage Threat Intelligence Management (TIM) features in XSOAR.
    • Palo Alto Networks Certified Security Automation Engineer (PCSAE) preferred.

What You Bring To The Team:

  • Can work autonomously and deliver with minimal supervision from a set of requirements.
  • Demonstrated ability to think strategically about business, product, and technical challenges.
  • Excellent communication skills to work as a member of a team.
  • Ability to function in an agile-based environment and provide good daily feedback on the team stand-up call.
  • Good communication skills, verbal and written.
