Security Engineer - Splunk

Task Description: As a Splunk Security Engineer, you will be responsible for leading the deployment, and maintenance of the Splunk Security Information Event Management (SIEM) solution within a 24x7x365 federal security operation. The Splunk Engineer will analyze our client's business requirements / systems /networks and translate those specifications into a SIEM design that provides an efficient and effective SIEM solution within a federal cloud environment. The Splunk Engineer will serve as a lead engineer for Splunk while providing mentorship and guidance for mid-level engineers.

Specific job duties include:

• Configuration, Deployment, and Maintenance of Splunk SIEM within a federal cloud environment.
• Translate client requirements into technical design / implementation.
• Configuration of Splunk in accordance with DISA STIG and CIS Benchmark requirements.
• Recommend system and process improvements to continually enhance security operations.
• Mentor and guide mid-level Security engineers supporting Splunk.
• Assist security incident responders during system investigations.
• Development of Dashboards and Reports within the Splunk SIEM.
• Responding to tickets related to Splunk configuration changes and troubleshooting.

Required skills/Level of Experience:

• 5+ years of Splunk Engineering / administration experience.
• 3+ years of management of Splunk within a Federal environment.
• Deep understanding of enterprise environments, specifically cloud-based and hybrid cloud environments.
• Knowledge of security frameworks including such as MITRE Telecommunication&CK, OWASP, & NIST.
• Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and/or service requests.
• Strong written communication skills and the ability to articulate technical security analysis to a non-technical audience.
• Understanding of possible attack activities such as network reconnaissance probing/ scanning, DDOS, malicious code activity, etc.
• Ability to demonstrate Splunk Machine Learning Toolkit (MLTK), Splunk Search Processing Language (SPL) expertise and Regular Expression Language.
• Experience with using scripting languages such as CSS, HTML, JavaScript, Python, and shell scripting to automate tasks and manipulate data.
• Intermediate expertise with Red Hat Enterprise Linux (RHEL).
• 1+ years of experience leveraging Splunk or audit logs for incident response and user behavior analytics.
• Experience with programming a plus.
• Experience with security tool data, including Network & Host Firewall, Tenable, Tanium

Nice to have skills:

• Understanding and experience with FedRAMP Cloud Security Requirements