Posted today
Unspecified
Mid Level Career (5+ yrs experience)
Unspecified
No Traveling
IT - Security
Raleigh, NC (On/Off-Site)
*This is a SkillBridge Opportunity - Ideally looking for candidates that are able to begin in January*
IMPORTANT - PLEASE READ:
To be eligible for the DoD SkillBridge program, you MUST be an active-duty service member within 180 days of separation or retirement, have completed at least 180 continuous days of active duty, have an honorable discharge status, and obtain unit commander approval.
Top Skills' Details
1. Splunk SIEM Proficiency: Building Searches, Dashboards, detection tuning and partnering with others on SOAR Playbooks
2. Threat Hunting & Telemetry Gap Analysis: Knowing & Understanding what data (DNS, IPs, etc) is needed, spotting gaps and working with engineers to onboard resources
3. Incident Triage & Cross functional Communication: Experience triaging incident requests, third party alerts and collaborating with system owners or escalating to SMEs
Job Description
*** THIS IS A SKILLBRIDGE OPPORTUNITY***
Security and Compliance (S&C) works to monitor, protect and secure the university’s IT infrastructure, data and operations; safeguard the privacy of the university community; and maintain compliance with applicable laws, licenses and regulations. Responsibilities include risk management, program-compliance development, cybersecurity operations, license management and IT Purchase Compliance. S&C is your partner in protecting the university from cyberattacks — because it takes every member of the Pack doing their part to protect both personal and university data.
The Security Operations Center consists of 4 people, one manager and three Analysts. They are in need of bringing on an Analyst for a vacancy that will eventually lead to a full time opportunity. You will be responsible for owning day-to-day detection/response, help mature Splunk Dashboards and SOAR Automation, and drive threat-hunting insights.
Key Responsibilities
• Triage security tickets from ServiceNow and third-party partners; investigate, contain, and document outcomes.
• Perform Splunk investigations (searches, correlation, dashboards); propose/tune detections and contribute to SOAR playbooks.
• Conduct basic threat hunting; identify telemetry gaps (e.g., DNS, EDR, NetFlow/Plixer, Suricata) and partner with engineers to onboard data sources.
• Remediate common email/phishing cases; reduce false positives and alert fatigue.
• Coordinate with system owners, SMEs, and leadership; escalate appropriately (MFA/Duo, EDR, network).
• Support incident management workflows and evidence handling; collaborate with legal/OGC and campus police when required.
Additional Skills & Qualifications
• 2–5 years in a SOC or security operations role (higher-ed or MSP acceptable).
• Hands-on Splunk SIEM: SPL querying, dashboards, detection tuning; exposure to SOAR is a plus.
• Solid fundamentals: TCP/IP, DNS/HTTP, log analysis, phishing remediation, incident handling.
• Experience with CrowdStrike or another EDR; ability to pivot across EDR, SIEM, and network data.
• Comfortable working tickets in ServiceNow (or similar) and communicating with diverse campus stakeholders.
• Nice to have: Google Workspace/Admin Console familiarity; Suricata; NetFlow/Plixer; basic scripting (Python) for automation; relevant certs (Security+, Splunk Core/Enterprise, GCIH/GCIA).
Employee Value Proposition (EVP)
Remote with occasional Onsite Meetings as needed
- Opportunity to support a large R1 Institution where you are NOT Siloed
- Full Time Opportunity at the end of it which could be anywhere from 8-12 months.
IMPORTANT - PLEASE READ:
To be eligible for the DoD SkillBridge program, you MUST be an active-duty service member within 180 days of separation or retirement, have completed at least 180 continuous days of active duty, have an honorable discharge status, and obtain unit commander approval.
Top Skills' Details
1. Splunk SIEM Proficiency: Building Searches, Dashboards, detection tuning and partnering with others on SOAR Playbooks
2. Threat Hunting & Telemetry Gap Analysis: Knowing & Understanding what data (DNS, IPs, etc) is needed, spotting gaps and working with engineers to onboard resources
3. Incident Triage & Cross functional Communication: Experience triaging incident requests, third party alerts and collaborating with system owners or escalating to SMEs
Job Description
*** THIS IS A SKILLBRIDGE OPPORTUNITY***
Security and Compliance (S&C) works to monitor, protect and secure the university’s IT infrastructure, data and operations; safeguard the privacy of the university community; and maintain compliance with applicable laws, licenses and regulations. Responsibilities include risk management, program-compliance development, cybersecurity operations, license management and IT Purchase Compliance. S&C is your partner in protecting the university from cyberattacks — because it takes every member of the Pack doing their part to protect both personal and university data.
The Security Operations Center consists of 4 people, one manager and three Analysts. They are in need of bringing on an Analyst for a vacancy that will eventually lead to a full time opportunity. You will be responsible for owning day-to-day detection/response, help mature Splunk Dashboards and SOAR Automation, and drive threat-hunting insights.
Key Responsibilities
• Triage security tickets from ServiceNow and third-party partners; investigate, contain, and document outcomes.
• Perform Splunk investigations (searches, correlation, dashboards); propose/tune detections and contribute to SOAR playbooks.
• Conduct basic threat hunting; identify telemetry gaps (e.g., DNS, EDR, NetFlow/Plixer, Suricata) and partner with engineers to onboard data sources.
• Remediate common email/phishing cases; reduce false positives and alert fatigue.
• Coordinate with system owners, SMEs, and leadership; escalate appropriately (MFA/Duo, EDR, network).
• Support incident management workflows and evidence handling; collaborate with legal/OGC and campus police when required.
Additional Skills & Qualifications
• 2–5 years in a SOC or security operations role (higher-ed or MSP acceptable).
• Hands-on Splunk SIEM: SPL querying, dashboards, detection tuning; exposure to SOAR is a plus.
• Solid fundamentals: TCP/IP, DNS/HTTP, log analysis, phishing remediation, incident handling.
• Experience with CrowdStrike or another EDR; ability to pivot across EDR, SIEM, and network data.
• Comfortable working tickets in ServiceNow (or similar) and communicating with diverse campus stakeholders.
• Nice to have: Google Workspace/Admin Console familiarity; Suricata; NetFlow/Plixer; basic scripting (Python) for automation; relevant certs (Security+, Splunk Core/Enterprise, GCIH/GCIA).
Employee Value Proposition (EVP)
Remote with occasional Onsite Meetings as needed
- Opportunity to support a large R1 Institution where you are NOT Siloed
- Full Time Opportunity at the end of it which could be anywhere from 8-12 months.
group id: 10105424
Accelerating IT transformation in the public sector
