Summary: As a Splunk Security Engineer, you will lead the deployment and maintenance of the Splunk SIEM solution within a federal security operation. This role involves analyzing business requirements and translating them into effective SIEM designs while providing mentorship to mid-level engineers. You will also be responsible for ensuring compliance with security frameworks and enhancing security operations. The position is remote and requires extensive experience in Splunk and federal environments.
Salary (Rate): undetermined
City: undetermined
Country: USA
Working Arrangements: remote
IR35 Status: outside IR35
Seniority Level: undetermined
Industry: IT
Splunk Security Engineer
Client: TriWest
POP: 12+ months
Location: Remote
SCOPE
As a Splunk Security Engineer, you will be responsible for leading the deployment and maintenance of the Splunk Security Information and Event Management (SIEM) solution within a 24x7x365 federal security operation. The Splunk Engineer will analyze our client's business requirements, systems, and networks and translate those specifications into a SIEM design that provides an efficient and effective SIEM solution within a federal cloud environment. The Splunk Engineer will serve as the lead engineer for Splunk while providing mentorship and guidance to mid-level engineers.
REQUIRED SKILLS
- B.S. degree and a minimum of 7 years of experience.
- CompTIA Security+ certification.
- 5+ years of Splunk engineering / administration experience.
- 3+ years of management of Splunk within a federal environment.
- 1+ years of experience leveraging Splunk or audit logs for incident response and user behavior analytics.
- Deep understanding of enterprise environments, specifically cloud-based and hybrid cloud environments.
- Knowledge of security frameworks such as MITRE ATT&CK, OWASP, and NIST.
- Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and/or service requests.
- Strong written communication skills and the ability to articulate technical security analysis to a non-technical audience.
- Understanding of possible attack activities such as network reconnaissance probing/scanning, DDoS, malicious code activity, etc.
- Demonstrable expertise with the Splunk Machine Learning Toolkit (MLTK), Splunk Search Processing Language (SPL), and regular expressions.
- Experience using scripting languages such as CSS, HTML, JavaScript, Python, and shell scripting to automate tasks and manipulate data.
- Intermediate expertise with Red Hat Enterprise Linux (RHEL).
- Experience with programming is a plus.
- Experience with security tool data, including network and host firewalls, Tenable, and Tanium.
PREFERRED SKILLS
- CISSP certification.
- Understanding of and experience with FedRAMP cloud security requirements.
TASKS
- Configuration, Deployment, and Maintenance of Splunk SIEM within a federal cloud environment.
- Translate client requirements into technical design / implementation.
- Configuration of Splunk in accordance with DISA STIG and CIS Benchmark requirements.
- Recommend system and process improvements to continually enhance security operations.
- Mentor and guide mid-level Security engineers supporting Splunk.
- Assist security incident responders during system investigations.
- Development of Dashboards and Reports within the Splunk SIEM.
- Responding to tickets related to Splunk configuration changes and troubleshooting.