Position Location: MacDill AFB, Tampa, FL/Fort Bragg, Fayetteville, NC
Description: SOFtact Solutions is seeking a subject matter expert (Master) with the ability to implement Splunk solutions in support of IT operations. The Security Engineer will maintain various security technologies and applications including the Splunk Enterprise Security (ES) premium application. This role requires the ability to design, architect, and implement Splunk solutions in support of cyber-security and IT operations analysts and data scientists. This role’s focus is primarily on engineering, maintaining, and monitoring a large Splunk deployment in a distributed and clustered environment. A key aspect of this job will be to help build and direct the Splunk technical capability. The successful candidate will have experience in architecting, implementing, and using Splunk solutions and applications to integrate data feeds and create content in a distributed computing environment. The candidate must have robust Splunk experience and be able to work collaboratively with diverse end users and a geographically-distributed team. This position requires a TS/SCI security clearance.
Education: Bachelor’s degree in Computer Science, MIS or related technical field required (or equivalent experience)
Qualifications: 5+ years professional experience supporting and maintaining SIEM systems (required) with strong experience utilizing Unicorn (preferred)
- Enable Security Information and Event Management (SIEM) integration
- Act as the lead for Operations, Maintenance, and Configuration Management for all Security Operations Center (SOC) and SIEM tools
- Lead technical troubleshooting efforts for complex network environments to identify and eliminate network or security configuration issues for SIEM data collection
- Responsible for SIEM security design review and recommendations, technical data gathering, security and policy review and configuration, security device implementation planning, configuration and implementation of security products, and technical quality assurance
- DoD 8570 Certification in the IAT Level III and/or CNDSP tier or obtain within six months (Required)
- Splunk Enterprise Security experience, including administration and integration with backend systems (Required)
- 2+ years of experience supporting cloud computing environments: AWS, Azure, GCP, etc. (Preferred)
- Experience with incident response, investigation, and incident handling
- Experience with other big data analytics solutions: Elastic, Palantir, ArcSight, etc. (Preferred)
- Knowledge of network security zones, firewall, and IDS
- Knowledge of log formats for syslog, http logs, and DB logs
- Knowledge of enterprise endpoint security products: McAfee e-Policy Orchestrator, Cylance, Microsoft Defender, etc.
- Knowledge of network security tools and appliances: Cisco ISE, Palo Alto NextGen Firewalls, Blue Coat, etc.
- Knowledge of Linux platforms
- Provide advanced experience architecting and managing Splunk Core and Splunk ES
- Manage TAs, source types and data formats, search and index clustering, Splunk ES and data models, upgrades, etc.
- Create custom parsers, correlation rules, and development automation for alerting security personal to potential security incidents
- Perform log debugging within the Splunk infrastructure and from remote sources i.e. syslog-ng, Windows, RHEL, networking devices, etc.
- Serve as a Subject Matter Expert (SME) for improvements, implementation, administration, and operations to Cybersecurity systems
- Perform upgrades of server and host-based security solutions
- Evaluate new products as they are being considered and provide recommendations for usage
- Development of tailored Splunk reports, dashboards, alerts, and advanced queries