Splunk Architect/ Engineer

Description:

• Requires extensive knowledge of computer operating systems, networks, log analysis and security tools.
• Applies engineering principles to cybersecurity challenges.
• Necessary skill areas: fundamentals of computer science, information analysis, testing software, log analysis, event correlation, anomaly detection, and behavioral analysis.
• Defining cybersecurity controls for different systems and networks.
• Creates novel cyber security technology components to ensure that critical systems/information are resilient to cyber exploits and attacks.
• Performs attendant vulnerability assessments, analysis, and software engineering and design.
• Ensures cybersecurity needs established and maintained for operations, security requirements definition, security risk assessment, information systems analysis, information systems design, information systems hardening, configuration and maintenance of other security boundary devices (IDS/IPS, Firewalls, perimeter routing) and vulnerability scanning, incident response, disaster recovery, and operations continuity planning and provides analytical support for security policy development and analysis. Engineers, implements, and maintains Information Technology Infrastructure and associated cybersecurity controls.
• Areas of responsibility include but are not limited to information security operations, cyber risk & intelligence, data loss & fraud protection, regulatory compliance, policy management and audits & assessment.
   

Key Responsibilities
 

• Assist with information technology risk assessments for systems, software, or configurations.
• Helps with the validation security control configuration on systems, ensure all systems are configured to necessary controls, such as NIST, DFARS 252.204-7012, CMMC, and other similar requirements.
• Actively collaborates with customers and external teams, derives tasks from detailed requirements.
• Design and interpret security requirements and practices to meet enterprise accreditation goals.
• Provide leadership to lower-level cybersecurity and IT professionals across the enterprise.
• Approve modification to critical information systems and directs implementation of configuration changes.
   

Additional Responsibilities
 

• Administer the Splunk application infrastructure for the ICD/organization.
• Provide support for design, architecture, development, deployment, installation, configuration, integration, operation, and maintenance of Splunk resources.
• Create standardized documentation for Splunk deployments.
• Deploy and maintain dashboards, reports, alerts, technology apps/add-ons, and Common Information Model (CIM) compliance.
• Support the expansion of the current Splunk environment to include Splunk Enterprise Security (ES) and Security Orchestration, Automation & Response (SOAR).
• Support system and data integration within the security tool ecosystem within ICD
• On-board additional data sources with the assistance of stakeholders across the institution.
• Tune new and existing data streams, alerts, reports, and data models.
• Identify and remediate gaps in existing Splunk security posture and deployment.
• Mentor junior analysts in Splunk use and best practice.
   

Required Minimum Qualifications
 

• Ability to obtain a secret security clearance.
• Experience in implementing Splunk applications, tools, and add-ons, including ES and SOAR.
• Solid technical understanding of cybersecurity concepts, standards, guidelines, and principles.
• Excellent written and oral communication skills.
• One or more intermediate cybersecurity certifications such as: Certified Ethical Hacker (CEH), PenTest+, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Enterprise Defender (GCED), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH) or equivalent.
• One or more baseline specialized certifications such as: Splunk Cloud Certified Admin, Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect.
   

Preferred Qualifications
 

• Active Secret Clearance.
• 6 years of experience in Splunk/SIEM administration.
• Master's degree.
• One or more advanced cybersecurity certifications such as: Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalent.
• One or more intermediate specialized certifications such as: Splunk Enterprise Security Certified Admin, Splunk SOAR Certified Automation Developer, Splunk Certified Cybersecurity Defense Analyst.
   

Qualifications
 

• Experience level: Experienced
• Minimum 9 years of experience
• Education: Bachelors (required)