Splunk Engineer - Hybrid

ICS Nett, Inc.

Today
Top Secret
Mid Level Career (5+ yrs experience)
No Traveling
IT - Security

The Cybersecurity Engineer – Splunk Engineer – Mid Level will be responsible for administering, maintaining, and engineering the multi-enclave enterprise On-Premises and Splunk Cloud environment for the DCSA.

Location: Quantico, VA Hybrid (2 days onsite, 3 days offsite. Additional on-site days may be required to meet mission requirements)

Clearance: Active Top Secret a MUST

Certification(s):

1. IAT Level II REQUIRED
2. Any level of Splunk certification

Support SOC personnel with Incident Response, Threat Hunting, Trends Analysis, and other Cybersecurity objectives. Liaise with different stakeholders to coordinate ingestion of logs to Splunk.

EDUCATION REQUIREMENTS:

1. Bachelor’s Degree in Information Technology, Information Systems Management, or Cybersecurity (Preferred)

BASIC QUALIFICATIONS:

1. Five (3-5) years of experience with multi-enclave enterprise On-Premises Splunk/Splunk Cloud Engineering
2. Ability to provide support to Incident Responders and other SOC Members for developing queries, alerts, dashboards, etc. via Splunk.
3. Ability to manage and implement various Splunk Apps such as Enterprise Security, ITSI, etc.
4. Maintaining health of Splunk environment
5. Knowledge and experience with performing Linux Command Line actions to support Splunk Servers.
6. Desire to coordinate efforts with different technology groups to implement log ingestion to On-Premises Splunk and/or Splunk Cloud.
7. Experience supporting Security Operations Center objectives
8. Proactively work with appropriate teams to implement and test new detection rules and procedures.
9. Experience providing advanced analysis and correlation across cyber events, logs, and artifacts
10. Familiarity with RMF accreditation processes
11. Participating in red/blue testing to confirm/tune detection and alerting mechanisms via Splunk
12. Experience in creating and maintaining SOPs
13. Knowledge of DISA Security Technical Information Guides, NIST SP 800-61, CJCSM 6510.01 B, United States Cyber Command guidelines, and other applicable DoD Cybersecurity and Computer Network Defense policies
14. Experience developing and reporting metrics, preferably in a near-real time dashboard or common operating picture.
Develop, maintain, and provide a daily and weekly brief that captures all the cyber events including