Splunk SME

1 Vacancy
The job posting is outdated and position may be filled
Job Location

Beltsville, MD - USA

Monthly Salary

$ 135000 - 216000

Job Description

Responsibilities

Peraton is currently seeking a Splunk SME to become part of Peraton's Department of State (DoS) Diplomatic Security Cyber Mission (DSCM) program, providing leading cyber and technology security experience to enable innovative, effective, and secure business processes.

Location: Beltsville, MD. Onsite.

This current opening will support a Monday-Friday, 8:00am to 4:00pm shift.

The DSCM program encompasses technical, engineering, data analytics, cyber security, management, operational, logistical, and administrative support to aid and advise DoS Cyber & Technology Security (CTS) Directorate. This includes protecting a global cyber infrastructure comprising networks, systems, information, and mobile devices, all while identifying and responding to cyber risks and threats.

In this role you will:

  • Work in a team environment with analysts and engineers to protect a global IT infrastructure against the most advanced threat actors!
  • Develop content for cyber defense tools.
  • Manage SIEM rulesets, dashboards, and reports from within Splunk Enterprise Security to defend against state actors and other APTs.
  • Develop signatures for Suricata, Zeek/Bro, Snort, and potentially leading vendor cloud environments (Microsoft Azure, Google GCP, Amazon AWS).
  • Provide new detection capabilities based on emerging threats, threat intelligence, and Red Team input.
  • Assist in administering an active threat database, ensuring threat intelligence is ingested and consumed by our SIEM.
  • Provide Developer support in a 24x7x365 environment.
  • Determine tactics, techniques, and procedures for intrusion sets.
  • Provide reporting on detection development metrics.

Qualifications

Basic Requirements:

  • Bachelor's degree and 14 years of relevant experience; or a Master's degree and 12 years of experience. An additional 4 years of experience will be considered in lieu of degree.
  • Must possess ONE of the following certifications or the ability to obtain before start date:
    • CASP+ CE, CCISO, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISM, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, GSLC, SCYBER

  • Expertise in large Splunk environments.
  • Experience with Suricata, Zeek (Bro), and Snort rulesets.
  • Exposure/experience to leading vendor cloud environments, i.e.: Microsoft Azure, Google GCP, Amazon AWS; Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
  • Expertise in planning, implementation, and usage of log aggregation and security analysis tools.
  • Demonstrated knowledge of the Incident Response Lifecycle and how it applies to cloud, legacy, and hybrid environments.
  • Assist in identifying remediation steps for cybersecurity events.
  • Strong organizational skills.
  • Proven ability to operate in a time-sensitive environment.
  • Proven ability to communicate orally and in writing.
  • Experience modifying Splunk ES searches, macros, and lookup tables.
  • Ability to work Monday-Friday, 8:00am to 4:00pm onsite in Beltsville, MD.
  • U.S. citizenship required.
  • Active Secret security clearance with the ability to obtain a final Top Secret clearance.

Preferred Qualifications:

  • Knowledge of Python and search syntax like Regex.
  • Knowledge of network architecture, design, and security.
  • Knowledge of which system files (e.g. log files, registry files, configuration files) contain relevant information and where to find those system files.
  • Knowledge of packet-level analysis using appropriate tools.
  • Knowledge of intersection of on-premise and cloud-based technologies.
  • Experience in developing and delivering comprehensive training programs.
  • Familiarity with the MITRE ATT&CK framework.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and non-traditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton to learn how we're keeping people around the world safe and secure.

Target Salary Range

EEO

Employment Type

Full-Time
