Security Tools Engineer/Administrator

$80 - $90

Contract: W2, 6 Month(s)

  • No Travel Required

Skills

Cyber Security, Netskope, Splunk, System Administration, Security Incident Response

Job Description

Job Title: Security Engineer/Administrator

Location: San Jose, CA (Onsite-Hybrid Possible)

Duration: 6+ Months (Possible Extension-Long Term Project)

Must Have: Netskope and Splunk deployment/configuration Experience

Essential Job Duties:

  • Deploy, administer, and configure security tools (SIEM, CASB, EDR, DLP, Vulnerability Management, etc.).
  • Create standard procedures/runbooks for managing and maintaining the various security controls currently in place.
  • Perform maintenance and regular health checks of the security tools and keep them functional for Cyber Security Operations.
  • Assist with incident response procedures and processes, including identifying and establishing the appropriate escalation/communication chain.
  • Assist and provide support in forensic investigations to root-cause security incidents/breaches and carry out effective remediation activities.
  • Analyze system and firewall logs to assist with security and threat analysis.
  • Work closely with the Cybersecurity team in instituting an effective Threat & Vulnerability Management program.
  • Assist in reviewing existing security controls and help identify security risks.
  • Work closely with the Cybersecurity team in recommending effective security controls to mitigate and minimize security risks.
  • Create and maintain security tool dashboards.

Required Skills:

  • Experience directly related to information technology security in a medium to large enterprise.
  • This experience should include active participation in security programs and processes that have contributed to the development and administration of an organization-wide IT security architecture.
  • Knowledge of networking and protocols such as SSL, HTTP, DNS, and SMTP.
  • Working across teams to implement security controls throughout the company.
  • Deploying POCs and pilots as needed, working with multiple enterprise teams to obtain testers to validate assumptions and operation of controls prior to wide-scale deployment.
  • Ensuring proper documentation of existing configuration, procedures, and guidelines.
  • Proven experience performing system administration, deployment, and maintenance of security controls such as SIEM, DLP, EDR, CASB, SOAR, SSO, and other security controls.
  • Experience deploying, migrating to, and/or supporting cloud network security (SASE/CASB) products such as Netskope, iBoss, Zscaler, or Palo Alto.
  • Demonstrated experience using Splunk Search Processing Language to create queries, set alerts, identify event conditions, and build dashboards.
  • Installing, configuring, and deploying Splunk infrastructure, including search heads, indexers, forwarders, and other Splunk components.
  • Splunk account creation and role-based access control.
  • Monitoring and maintaining Splunk performance, availability, and capacity.
  • Growing and improving the enterprise Splunk environment into a mature implementation by creating forwarder apps to ingest data feeds.
  • Developing reliable, efficient, and reusable queries that feed custom alerts and dashboards.
  • Assisting users in accessing and identifying relevant audit logs, both for troubleshooting and for cybersecurity compliance purposes.
  • Administration of the servers on which the Splunk infrastructure is deployed is not a direct responsibility, but the successful candidate must be familiar enough with both Splunk and server administration to participate in troubleshooting server issues affecting Splunk performance.
  • Must be familiar with a wide range of security technologies including, but not limited to: SIEM, CASB, IDS/IPS, malware analysis and protection, content filtering technologies, logical access controls, identity and access management, data loss prevention, application firewalls, vulnerability scanners, LDAP, forensics software, SSO, SOAR, Privileged Access Management, security incident response, and Identity Management.