- Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool
- Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models
- Work with the Splunk Architect/Admin to promote private KO to Global KO
- Assist, and/or train CISO Splunk Engineering team on Data Lifecycle Support
- Assist, train, and/or host workshops for CISO teams and analysts on searching and content development
- Develop and implement automation to improve efficiency of CISO workflows using Splunk
- Assist in development of advanced security use cases in Splunk
- Develop risk rules and risk incident rules to correlate and alert on significant cyber events.
- Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression.
- Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted)
- Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting
- Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.
- Understanding of network protocols, operating systems, applications, and device event telemetry
- Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills.
- Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc.) and endpoint defense tools (EDR, anti-malware) a plus
- Experience with SaaS- or cloud-hosted Splunk implementations a plus.
- Extensive experience (7+ years) in information security operations and/or related IT operational functions
- Must possess a minimum of a Bachelor's degree in Computer Science, Information Technology or Information Security (Master's degree preferred).
- CompTIA Security+
- CPTE - Certified Penetration Testing Engineer or CEH - Certified Ethical Hacker
- Certified Information System Security Professional (CISSP)
- Must be able to obtain a Position of Public Trust Clearance
- Must pass a client-mandated clearance process that includes drug screening, a criminal history check and a credit check.
- Once candidate's resume is approved and interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
- If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
- All candidates must be a US Citizen, or have permanent residence status (Green Card).
- Candidate must have lived in the United States for the past 5 years.
- Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)
- All overtime must be pre-approved in writing by the client manager or his/her designated representative.
- Agency will not be reimbursed for overtime charges without previous written authorization. Authorized overtime will be reimbursed at straight time.
- The enforced dress code is business casual, i.e. collared shirt with slacks for men, no skirts above the knee for women.
- ID: #49424748
- State: Virginia, Falls Church 22040, USA
- City: Falls Church
- Salary: $60 - $70
- Job type: Contract
- Showed: 2023-03-07
- Deadline: 2023-04-24
- Category: Et cetera