Splunk SME

Employer Active

1 Vacancy
The job posting is outdated and the position may be filled.

Job Location: Dallas - USA

Monthly Salary: Not Disclosed


Job Description

Req ID: 2555020

This is a remote position.

Splunk SME

Rate: DOE

Duration: 2 months, Fully Remote

Location: Dallas, TX

Citizenship Required by Federal Contract

Pre-Qualifying Questions:

1. Do you have the required skills?

2. Are you eligible to work on a government project?

Skills:

- At least 5 years of experience in the IT industry with strong technical knowledge of AWS infrastructure and security services (EC2, ELB, GuardDuty, Conf.
- Hands-on experience in Terraform IaC deployments and the ability to implement security automation.
- Strong experience working on enterprise security solutions such as WAF, IPS, DDoS, and SIEM.
- Good technical experience managing products like Splunk Enterprise Security, Tenable Nessus, Palo Alto firewall, and Cortex XSOAR.
- Good understanding of security controls related to regulatory requirements such as NIST, PCI, ISO 27001, HIPAA compliance, etc.
- Architecture certification (Google, Amazon, Azure) from a major cloud platform.
- Information Security Certification is a plus: ISO 27001, CISSP or CISM or other equivalent.
- Experience working on FedRAMP-compliant projects is a plus.
- Senior Terraform and Ansible scripting.
- Must be eligible to work on a government project.

Requirements:

Cloud Security SME specialized in Splunk ES and XSOAR


Splunk skillset Requirements:


- Strong hands-on working experience in Splunk installation and UNIX management, Splunk architecture and components including search heads, indexers, and forwarders.
- Installed, configured, and maintained Splunk add-ons and apps such as, but not limited to: Splunk Add-on for AWS, Splunk Add-on for Windows, and Google Workspace for Splunk.
- Creation of new dashboards, reports, or analytics.
- Managed a clustered environment with multiple indexers and search heads.
- Administered both Splunk Enterprise and Splunk Enterprise Security.
- Worked closely with various Security and Platform Engineering teams to onboard new data from various sources.
- Creation of new alerts, custom rules.
- Maintaining the security of Splunk and its related components and indexes.
- Maintaining current patch levels for all Splunk components, including the Linux host OS patching and upgrading.
- Performing major version upgrades, including the Linux host OS, Splunk components, as necessary.
- Troubleshooting and resolving Splunk issues as necessary.
- Candidates with Splunk Enterprise Security Certified Admin or Splunk Certified Cybersecurity Defense Analyst certification will be preferred.

XSOAR skillset Requirements:


- Experience in XSOAR with ability to configure existing and/or create new Incident Types, Incident Fields, Classifications & Mappings.
- Ability to build new or modify existing Playbooks, including implementation of Generic Polling and similar tasks.
- Ability to configure and manage Threat Intelligence Management (TIM) features in XSOAR.
- Palo Certified Security Automation Engineer (PCSAE) preferred.

What You Bring To The Team:


- Can work autonomously, deliver with minimal supervision from a set of requirements.
- Demonstrated ability to think strategically about business, product, and technical challenges.
- Has excellent communication skills to work as a member of a team.
- Ability to function in an agile-based environment and provide good daily feedback on team standup call.
- Good communication skills, verbal / written.

Deliverables:

- Process flows.
- Mentor and knowledge transfer to client project team members.
- Participate as primary, co-, and/or contributing author on any and all project deliverables associated with their assigned areas of responsibility.
- Participate in data conversion and data maintenance.
- Provide best practice and industry-specific solutions.
- Advise on and provide alternative (out of the box) solutions.
- Provide thought leadership as well as hands-on technical configuration/development as needed.
- Participate as a team member of the functional team.
- Perform other duties as assigned.




Employment Type

Full Time
