Cybersecurity Engineer

21 Jul 2024

Description:

As part of the Information and Cybersecurity Department (ICD), the Information Security Operations Center (ISOC) Splunk Architect/Engineer will play an integral role in the administration, configuration, and technical enrichment of GTRI’s Splunk instance. The ideal candidate for this role is a cybersecurity-focused Splunk subject matter expert who can architect and engineer solutions in Splunk and participate in incident response and forensic investigations using Splunk as needed. The ISOC Splunk Architect/Engineer will work closely with the ISOC analysts and Lab IT Directors to create tailored alerts and onboard necessary data. This role reports to the ISOC Manager. This position has been designated as hybrid and work will be performed within Eastern Time (ET) Zone.

Requires extensive knowledge of computer operating systems, networks, log analysis and security tools. Applies engineering principles to cybersecurity challenges. Necessary skill areas: fundamentals of computer science, information analysis, testing software, log analysis, event correlation, anomaly detection, and behavioral analysis. Defines cybersecurity controls for different systems and networks. Creates novel cybersecurity technology components to ensure that critical systems/information are resilient to cyber exploits and attacks. Performs attendant vulnerability assessments, analysis, and software engineering and design. Ensures cybersecurity needs are established and maintained for operations, security requirements definition, security risk assessment, information systems analysis, information systems design, information systems hardening, configuration and maintenance of other security boundary devices (IDS/IPS, firewalls, perimeter routing) and vulnerability scanning, incident response, disaster recovery, and operations continuity planning, and provides analytical support for security policy development and analysis.

Engineers, implements, and maintains Information Technology Infrastructure and associated cybersecurity controls. Areas of responsibility include but are not limited to information security operations, cyber risk & intelligence, data loss & fraud protection, regulatory compliance, policy management and audits & assessment.

Skills: Splunk Enterprise, cyber security, cloud, Linux, query

Top Skills Details: Splunk Enterprise, cyber security, cloud

Additional Skills & Qualifications:

Key Responsibilities
  • Helps with the validation of security control configuration on systems, ensuring all systems are configured to necessary controls, such as NIST, DFARS 252.204-7012, CMMC, and other similar requirements.
  • Performs day-to-day analysis of security threats.
  • Performs day-to-day remediation of security incidents.
  • Provides leadership to lower-level cybersecurity and IT professionals across the enterprise.

Additional Responsibilities
  • Administer the Splunk application infrastructure for ICD/GTRI.
  • Provide support for design, architecture, development, deployment, installation, configuration, integration, operation, and maintenance of Splunk resources.
  • Create standardized documentation for Splunk deployments.
  • Deploy and maintain dashboards, reports, alerts, technology apps/add-ons, and Common Information Model (CIM) compliance.
  • Support the expansion of the current Splunk environment to include Splunk Enterprise Security (ES) and Security Orchestration, Automation & Response (SOAR).
  • Support system and data integration within the security tool ecosystem within ICD.
  • On-board additional data sources with the assistance of stakeholders across the institution.
  • Tune new and existing data streams, alerts, reports, and data models.
  • Identify and remediate gaps in existing Splunk security posture and deployment.
  • Mentor junior analysts in Splunk use and best practices.

Experience Level: Intermediate Level

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

Full-time
  • ID: #52142602
  • State: Georgia Atlanta 30301 Atlanta USA
  • City: Atlanta
  • Salary: USD TBD TBD
  • Showed: 2024-07-21
  • Deadline: 2024-09-20
  • Category: Et cetera