Please note that this is a 5 months contract position.
The resource will work closely with the Manager, Threat Operations, Incident Response and the USPS Manager, CyberSecurity Engineering, Data Services and Security. This resource will be working with the Operations and Splunk teams to build Risk Based alerting rules within Splunk to improve monitoring.
- 3+ years Splunk ES experience
- 2+ years’ experience as a Splunk correlation/Risk Rule/Risk Based Alerting developer
- Understanding of Risk Based Alerting (RBA) macros
o Standardize users and systems
o Scoring risk events
o Attributing risk events
- The candidate will be able to develop risk rules and risk incident rules to correlate and alert to significant cyber events.
- The candidate will be able to develop custom dashboards specific to RBA to highlight risk detail, health analysis and risk suppression.
- The candidate will be able to develop workflow actions to display details around a risk alert.
- The candidate will hold strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills along with the ability to succeed with remote management.
- The candidate will need to be able to obtain a sensitive clearance.
• BS Degree in Information Security, Cybersecurity, Information Assurance, Risk Management, or equivalent work experience.
CERTIFICATIONS: (One or more desired)
• Security+, CISSP, CAP
Applicants must provide their phone number. Reference job number A224.
San Francisco, CA, 94159Contact