Hours Full-time, Part-time
Location Warrenton, VA 20186

Job Description

The mission is to support, operate, and maintain the Distributed Continuity Integrated Network – Top Secret Enterprise Services (DCIN-TS ES). The DCIN-TS ES is a DoD provided, TS/SCI, integrated voice, video, and data, global communications network that facilitates collaboration among senior leaders and key staff.

Candidates are expected to have a strong work ethic and possess the ability to work as a critical member of a team in pursuit of mission objectives and in support of our customers. We value candidates who are detail-oriented while also being able to think and react quickly to emerging and unique problem sets. To be successful in this role, you'll be able to rapidly adapt and learn how to operate the front and back end of new products and processes.

Responsibilities:

  • Provide overall engineering and administration support for a very large distributed clustered Splunk environment consisting of search heads, indexers, deployers, deployment servers, heavy/universal forwarders, and Splunk Enterprise Security, spanning security, performance, and operational roles.
  • Experience creating custom dashboards, writing queries, building and generating reports, and setting up alerts and notifications.
  • Demonstrated proficiency with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards, searches, reports, etc. that highlight the key trends in the data.
  • Coordinate with the SOC to build threat detection logic and dynamic operational dashboards.
  • Implement and manage Splunk apps, queries, dashboards, alerts, and reports to provide actionable insights to various teams.
  • Perform log auditing and log management. Work closely with the operations team to monitor systems and environments for security incidents and general security operations. Ensure the SC is updated regularly; address unsuccessful SC updates and identify their root cause.
  • Administer Red Hat Linux based systems with minimal support, to include patching, creating RPM packages, performance tuning, networking, user management (LDAP), and security.
  • Install, administer, and troubleshoot recent versions of Red Hat 8.x and 9.x.
  • Manage and maintain Red Hat Satellite/Ansible.
  • Ability to work within VMware, vCenter, and Nutanix building Red Hat systems.
  • Create and implement methods and procedures for inspecting, testing, and evaluating the security and effectiveness of products and production equipment.
  • Effectively choose the appropriate standards, processes, procedures, and tools throughout the system development life cycle to support the generation of the security engineering products.
  • Design technical, operational, and organizational controls to maintain acceptable security posture.
  • Administration/operation of information security compliance tools/platforms with a special concentration in managing the Assured Compliance Assessment Solution (ACAS) and ForeScout.
  • Configure, optimize, and test vulnerability scans against new and existing Operating Systems/platforms.
  • Configure, operate, and maintain HBSS and its components (ePolicy Orchestrator, McAfee Agent, Data Loss Prevention, Host Intrusion Prevention System, Policy Auditor, Asset Baseline Monitor, and VirusScan Enterprise) on Windows/Linux, creating exceptions to allow essential processes to continue uninterrupted.
  • Provide guidance on vulnerability and malware remediation.
  • Configure, operate, and maintain the ForeScout, Tripwire, and Ivanti tool suites.
  • Identify potential conflicts with implementation of any cyber security tools within the enterprise and develop recommendations to remediate these conflicts.
  • Provide Tier 3 maintenance support for deployed cyber security technologies.
  • Assist with periodic and regular security assessments.
  • Assist with the development and maintenance of information security policies, standards, and control procedures to enable compliance with RMF.
  • Assist with POA&M management, mitigation statement formulation, and interfacing with system administrators to resolve open findings on high-risk and at-risk systems.
  • Experience developing and presenting vulnerability information for technical and non-technical audiences.
  • Well-developed verbal and written communication skills.

Qualifications:

  • Must have an active Top Secret clearance with SCI.
  • BS or BA degree in Computer Science or a related scientific discipline.
  • 10 years of experience.
  • Must meet DoD 8570.01-M IAT-II baseline certification requirements, such as Security+ or equivalent.
  • Working experience with ForeScout.
  • Working experience with Nessus.
  • 2+ years of experience in a Splunk role working in a Splunk clustered environment.
  • 2+ years of knowledge and experience with ACAS and HBSS administration.

Preferred:

  • Understanding of and experience with common cybersecurity toolsets and processes, to include STIGs, IAVA management and implementation, and OPORD/FRAGO support.
  • Demonstrated experience in an analysis simulation environment, configuring/troubleshooting software/hardware enhancements, application deployments, and infrastructure upgrades in a dynamic information system hosting environment.
  • Operate and maintain the Splunk operational architecture, to include the management of centralized log servers and reporting systems.
  • Ability to install and configure Splunk applications.
  • Ability to build and configure Splunk Indexers, Search Heads, Deployment, Management, Heavy Forwarders, and Deployer on a Red Hat Linux platform.
  • Ability to troubleshoot and fix Splunk, Red Hat Linux, and network findings.
  • Ability to configure the Splunk Enterprise Security application.
  • Red Hat certification.
  • Splunk Core Certified Advanced Power User, Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect, or Splunk Core Certified Consultant.