Security Analytics Knowledge Manager

Analytics, Splunk
Contract W2, 6 Months
Depends on Experience
Work from home not available
Travel not required

Job Description

The Security Analytics Knowledge Manager is responsible for building and maintaining an information repository designed to capture all relevant data records associated with various security controls and technologies. This repository will hold the structured data elements used to provide contextual enrichment for cyber security's asset and application data warehouse and SIEM environment. The knowledge manager will also be responsible for deploying Splunk configuration (knowledge objects) that implements the Common Information Model (CIM). As new security-relevant data sources are onboarded into the Splunk environment, the knowledge manager will be responsible for ensuring that the data is complete, accurate, and parsed in accordance with the CIM used by CSIRT/SOC consumers. This position will also involve participation in major initiatives, as well as other focused efforts related to the analysis, design, and implementation of advanced business logic built on Splunk-based solutions.

Job Specific Responsibilities
Engage in data lifecycle management of new data sources onboarded into Splunk and ensure that knowledge object configurations adhere to the CIM (Common Information Model).
Deploy and manage custom Splunk solutions leveraging various Splunk knowledge objects such as, but not limited to, lookups, summary indexes, field extractions, reports, alerts, workflow actions, and dashboards.
Interact with various cyber security teams in performing information collection, data onboarding, data analysis, and data quality assurance.
Assist cyber security end users to create, test, and implement custom Splunk search queries and dashboards to meet operational, tactical, and strategic metric reporting needs.
Contribute to creating advanced correlation business logic authoring in relation to SOC use case monitoring and security program governance reporting.
Coordinate efforts related to the ingestion of application logs from multiple line of business application owners.
Collaborate with various teams to collect, document, and maintain a system of record for security control and technologies.
Recommend, design, test, and implement best-in-class/best practice Splunk solutions for new use case requirements defined by cyber security partners.
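The responsibilities above (field extractions, CIM adherence, data quality assurance on newly onboarded sources) are the kind of check an editor would want to see in working form. The following is an added example, not code from the posting or from Splunk: it mimics in Python what props.conf EXTRACT-*, FIELDALIAS-* and EVAL-action entries do, then audits the normalized events for a required field set. The sample events, the sourcetype names (sslvpn, portal), the vendor field names and the minimal required set for the Authentication data model (action, user, src, dest) are all constructed assumptions for illustration; consult the CIM data model reference for the real field list.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample events (not captured from any real system), tagged with
# the sourcetype they would carry in Splunk.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("sslvpn", "Mar 12 10:01:02 vpn01 sslvpn: login success user=alice src_ip=203.0.113.10 dst=10.0.0.5"),
    ("sslvpn", "Mar 12 10:01:05 vpn01 sslvpn: login failure user=bob src_ip=203.0.113.11 dst=10.0.0.5"),
    ("portal", "2024-03-12T10:02:00Z host=web02 app=portal result=denied account=carol client=198.51.100.7"),
]

# Per-sourcetype field extractions, the equivalent of EXTRACT-* regexes in props.conf.
EXTRACTIONS: Dict[str, "re.Pattern[str]"] = {
    "sslvpn": re.compile(r"login (?P<outcome>\w+) user=(?P<user>\S+) src_ip=(?P<src_ip>\S+) dst=(?P<dst>\S+)"),
    "portal": re.compile(r"app=(?P<app>\S+) result=(?P<result>\w+) account=(?P<account>\S+) client=(?P<client>\S+)"),
}

# Vendor field name -> CIM field name, the equivalent of FIELDALIAS-* entries.
ALIASES: Dict[str, Dict[str, str]] = {
    "sslvpn": {"src_ip": "src", "dst": "dest"},
    "portal": {"account": "user", "client": "src"},
}

# Vendor outcome values -> CIM 'action' values, the equivalent of an EVAL-action.
ACTION_MAP = {"success": "success", "allowed": "success", "failure": "failure", "denied": "failure"}

# Assumed minimal required field set for the CIM Authentication data model.
# This is an assumption for the example, not the full list from the data model.
REQUIRED_AUTH_FIELDS = ("action", "user", "src", "dest")


def normalize(sourcetype: str, raw: str) -> Dict[str, str]:
    """Extract vendor fields from one raw event and map them onto CIM field names."""
    pattern = EXTRACTIONS.get(sourcetype)
    match = pattern.search(raw) if pattern else None
    if not match:
        # Unparsed event: nothing extracted, so every required field will be reported missing.
        return {"sourcetype": sourcetype}
    fields = match.groupdict()
    aliases = ALIASES.get(sourcetype, {})
    cim = {aliases.get(name, name): value for name, value in fields.items()}
    # Normalize the vendor-specific outcome into the CIM 'action' vocabulary.
    vendor_outcome = fields.get("outcome") or fields.get("result")
    if vendor_outcome is not None:
        cim["action"] = ACTION_MAP.get(vendor_outcome.lower(), "unknown")
    cim["sourcetype"] = sourcetype
    return cim


def missing_cim_fields(event: Dict[str, str]) -> List[str]:
    """Return the required Authentication fields that this normalized event lacks."""
    return [name for name in REQUIRED_AUTH_FIELDS if not event.get(name)]


def audit(events: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each sourcetype to the sorted list of required fields it fails to populate."""
    gaps: Dict[str, set] = {}
    for sourcetype, raw in events:
        gaps.setdefault(sourcetype, set()).update(missing_cim_fields(normalize(sourcetype, raw)))
    return {sourcetype: sorted(names) for sourcetype, names in gaps.items()}


if __name__ == "__main__":
    for sourcetype, problems in audit(SAMPLE_EVENTS).items():
        status = "CIM-compliant" if not problems else "missing " + ", ".join(problems)
        print(f"{sourcetype}: {status}")
```

Run against the constructed events, the sslvpn sourcetype passes while the portal sourcetype is flagged for a missing dest field, which is exactly the onboarding gap a knowledge manager would have to close (for example with an EVAL-dest populated from the host field) before CSIRT/SOC correlation searches built on the Authentication data model could be trusted. A real check would read the required fields from the data model JSON rather than a hard-coded tuple.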

Preferred Qualifications
Bachelor's degree in Computer Science, Engineering, Information Technology, Cyber Security, or a related field. A minimum of five years of professional experience in the IT/security industry.
3-5 years of experience working with Splunk Enterprise and Splunk premium apps (DB Connect and Splunk Enterprise Security), and with ELK/Elasticsearch, across multiple client environments.
4-5 years of experience engineering and administering large, distributed, clustered Splunk environments consisting of search heads, indexers, deployers, deployment servers, and heavy/universal forwarders.
Minimum of two years of demonstrated experience in an information security technical role (engineering or operations) supporting high-transaction-volume business customers, preferably at financial institutions.
Regex, scripting/programming, and RDBMS knowledge (shell, batch, Perl, Python, PHP, Oracle, MSSQL, others).
Familiarity with cloud-based and on-premises multi-platform environments, with a sound understanding of the operational and security risk considerations involved.
Strong analytical, technical, and problem-solving abilities.
Strong sense of self-motivation; ability to identify problems and develop solutions.
Ability to manage time and priorities with multiple concurrent tasks and projects.

Desired Knowledge, Skills, & Abilities
Understanding of cyber security threat modeling frameworks such as, but not limited to, MITRE ATT&CK and Cyber Kill Chain.
Fundamental knowledge of firewalls, networking, operating systems, databases, and storage, and of applied information security technologies including, but not limited to, intrusion detection/prevention systems, endpoint management, network security, identity management, content filtering, mainframe security, web application firewalls, email security, anti-virus, and business fraud monitoring.
Experience working with open-source SIEM and log event management solutions such as, but not limited to, AlienVault and the ELK stack is strongly desired.
Experience working with BI visualization technologies such as, but not limited to, Tableau, Power BI, and Cognos is a plus.
Experience working with industry-leading document management systems such as SharePoint and Confluence.
Experience using SQL/ODBC interfaces and app development using REST API frameworks is a plus.
Current Splunk Core Admin or Splunk Core Architect certification desired.
Other security certifications (e.g. Cisco Certified Network Associate (CCNA) Security, GIAC Security Essentials Certification (GSEC), GIAC Certified Enterprise Defender (GCED), GIAC Certified Perimeter Protection Analyst (GPPA), and Certified Information Systems Security Professional (CISSP)) are a strong plus.

Posted By

Jeremy Jensen

12020 Shamrock Plaza, Suite 200 Omaha, NE, 68154

Dice Id : 10124769
Position Id : GA_Knowledge
Originally Posted : 3 weeks ago