Senior Security Engineer (Splunk Content Developer/ES Searchhead Admin)

Overview

We are looking for a Splunk Content Developer/ES Search head Admin that can come in and take ownership of day-to-day Operations with minimal spin-up time. The successful candidate will be a member of a high performing team of certified Splunk Enterprise and Splunk ES administrators. You will partner with additional teams within Navy Federal Credit Union to protect the Navy Federal brand, data, and IT assets from cyber-based threats in support of our Cybersecurity Operations Center (CSOC) and its associated programs. You will serve as technical interface to customers (analysts) for Splunk and Splunk ES, articulating technology and product positioning to both business and technical users. Successful candidates will work independently, must be a self-starting self-motivated individual, be accountable and timely in their production and status reporting, and communicate effectively both in writing and when speaking to groups. You will be expected to work to build and maintain relationships within and outside of the CSOC. This position will require a high level of attention to detail to the work performed, following process, and detailed updates/documentation using Jira.

Responsibilities

• Developing notable events, visualizations, forms, reports, alerts, dashboards, and visualizations to identify adversarial activity
• Build and implement event correlation rules, logic, and content in the SIEM
• Configure notable event actions, action menus and Adaptive Responses
• Tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors
• Create and support the creation of SIEM Use Cases and understand what alerts and log enrichment is necessary to meet the required acceptable false positive rate
• Translate feedback from the business to Splunk technical requirement and solutions
• Normalize data to ensure CIM compliance, and align with data models to accelerate queries, dashboards, and correlation searches
• Maintain Splunk Apps, Technology Add-ons as required by Splunk ES upgrades
• Research and look for opportunities to adopt the best practices and industry standards to enhance the SIEM, Fraud, and SOAR platforms
• Monitor system stability and performance and ensure system availability, reliability, and usability
• Troubleshoot and resolve Splunk-related technical issues, partnering with IT and SOC teams as needed
• Always provide professional and courteous service with excellent verbal and written communications skills.
• Participate in on-call rotation and respond to incident alerts
• Stay abreast of the latest Splunk features, technologies, and industry trends, and make recommendations for continuous improvement
• Follow Change & Configuration Management procedures in relevant tools (e.g. Jira, SNOW, etc.)
• Ensure the completion of tasks and update tickets accordingly

Qualifications

• Bachelor's degree in computer science, Information Systems, Cybersecurity or comparable field of study, and/or equivalent work experience
• Six (6) to eight (8) years of experience with Splunk in distributed deployments and at least two (2) years of experience in Splunk Cloud environments
• At least three (3) years of experience with Splunk Enterprise Security
• Current Splunk Enterprise Certified Admin certification
• Current Splunk Enterprise Security Certified Admin certification
• Proficient at data administrative activities including parsing and normalizing events to the Splunk Common Information Model (CIM)
• Proficiency aligning data to Splunk-developed add-ons for Windows, Linux, and common third-party devices and applications
• Superb communication skills (both oral/written) including the ability to clearly communicate technical topics and risk to an audience than can include both engineers and executives
• Strong problem-solving abilities with an analytic and qualitative eye for reasoning under pressure
• Experience with SIEM and/or SOAR platforms, including the development of automations and integrations
• Self-starter with the ability to independently prioritize and complete multiple tasks with little to no supervision
• Knowledge of JIRA and Confluence
• Knowledge of Change Management processes
• Hands on experience in an agile environment

Desired Qualifications

• Current Splunk Enterprise Certified Architect
• Current Splunk Core Certified Consultant
• Expert-level knowledge and ability with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms
• Knowledge of scripting languages like Python
• Experience in the banking or finance industries a plus
• Knowledge of version control practices and experience with version control software products (e.g. Git, Bitbucket, etc.)
• Knowledge of/ Experience with data pipeline configuration and integration
• Relevant cybersecurity certifications, (e.g. CISSP, GCIA, GCIH, GCED, or similar).
• At least three (3) years of experience in Cybersecurity, InfoSec, Security Engineering, Network Engineering with emphasis in Cybersecurity in the following areas:
  • In-depth knowledge of operating systems logs (Windows servers and workstations, AIX/Linux/Solaris, and Apple Mac)
  • In-depth knowledge of network appliance logs (Firewalls, router & switches).
  • Incident Response analysis
  • Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
  • Security Orchestration Automation and Response (SOAR)
  • Endpoint and Network Detection and Response (EDR/NDR)
  • User Behavior Analytics (UBA)
  • Network and Host malware detection and prevention
  • Network and Host forensic applications
  • Web/Email gateway security technologies

Hours: Monday - Friday, 8:00AM - 4:30PM

Locations: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | Remote

Salary Range: $99,400 - $155,350 annually (Level III)
$114,500 - $204,000 annually (Level IV)

About Us
Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.

Our approach to careers is simple yet powerful: Make our mission your passion.

Best Companies for Latinos to Work for 2024

Computerworld Best Places to Work in IT

Forbes 2024 America's Best Large Employers

Forbes 2024 America's Best Employers for New Grads

Forbes 2024 America's Best Employers for Tech Workers

Fortune Best Workplaces for Millennials 2024

Fortune Best Workplaces for Women 2024

Fortune 100 Best Companies to Work For 2024

Military Times 2024 Best for Vets Employers

Newsweek Most Loved Workplaces

2024 PEOPLE Companies That Care

Ripplematch Recruiting Choice Award

Yello and WayUp Top 100 Internship Programs

From Fortune . 2024 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected Veteran.

Hybrid Workplace: Navy Federal Credit Union is a hybrid workplace, and details will be discussed during your interview process.

Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.