Splunk Security Engineer
Job Location

Washington - USA

Monthly Salary

$ 112000 - 179000

Vacancy

1 Vacancy

Job Description

Responsibilities

As a Splunk Security Engineer you will play a critical role in supporting the Security Operations Center (SOC) mission by maintaining, enhancing, and expanding the capabilities of the SIEM and other operational tools or platforms. This will include, but may not be limited to, tasks supporting content management, security orchestration development, signature development, and analytics creation.

As a Splunk Security Engineer you will work on the Cybersecurity engineering team responsible for facilitating operational efficiency, stakeholder coordination, and mission-aligned cybersecurity initiatives. This position enhances SOC effectiveness by bridging technical operations, mission support, and strategic objectives, ensuring seamless delivery of security services. In this role a typical day will include:

  • Lead the development and maintenance of custom dashboards for detections, correlations, and performance metrics.
  • Lead the creation of custom automation workflows and playbooks using platforms (e.g. Splunk SOAR, Palo Alto Cortex XSOAR) to streamline incident response, threat detection, and remediation processes based on organizational needs.
  • Onboard log sources from various systems (Windows, Linux, network appliances, cloud services) to ensure full visibility and compliance.
  • Continuously monitor, update, and optimize existing automations to adapt to evolving threats, improve efficiency, and reduce false positives, incorporating feedback from SOC teams.
  • Produce comprehensive documentation, including playbook designs, integration details, diagrams, and user guides, to support SOC operations and facilitate knowledge transfer.
  • Research and adopt emerging automation technologies, threat intelligence, and best practices to enhance IoC detections, signature creation, and SOAR capabilities, and to support proactive threat mitigation.
  • Develop, maintain, and execute automated SOAR playbooks that interact across systems and devices.
  • Analyze log events, correlate data across multiple sources, and enhance threat detection and response workflows.
  • Using SOAR connectors, design integrations between Splunk SOAR and standard DoD products such as Trellix ePO, Tanium, Cisco (FirePower, ISE, Email Gateways, AMP, switches/routers), Palo Alto Firewalls, Microsoft Active Directory, DNS, Exchange, SharePoint, IIS, SQL, Apache Tomcat, RSA SecurID, Nessus, VMware vCenter/ESXi, ServiceNow, Azure, AWS, NetApp, Windows, and Linux. Connectors may use APIs, tokens, or service accounts, so understanding these options is important.
  • Configure and manage Splunk Enterprise Security, including maintaining CIM compliance, Risk-Based Alerting (RBA), ticketing, and SIEM integrations.
  • Update and configure new Enterprise Security Content Updates when released.
  • Lead the full lifecycle of automation, from concept through deployment to documentation and tuning.
  • Build visual dashboards, reports, and context-aware incident response tools.
  • Identify threat actor tactics, techniques, and procedures, and develop countermeasures (such as custom signatures and correlation logic) to detect and/or mitigate adversary activity.
  • Support operational readiness, compliance, and proactive detection technologies across endpoint, cloud, network, and email infrastructures.
  • Maintain the existing fleet of development VMs (Windows, Linux), and create new ones, that allow you to test and demonstrate playbook functionality.
  • Fully test and document playbook execution in the development environment and be authoritative on the presentation of playbook examples to new teams targeted for integration.
  • Review intelligence reports and provide a daily cyber assessment of the impact to networks.
  • Recognize and codify attacker tools, tactics, and procedures (TTPs) in indicators of compromise (IOCs) that can be applied to current and future investigations.

Qualifications

Required:

  • Requires an active Top Secret clearance with SCI eligibility
  • 5 years with BS/BA; or 4 years of relevant experience in lieu of degree
  • 4 years of experience with Splunk Enterprise Security: playbook development, troubleshooting, and integrations
  • 4 years of experience with Splunk SOAR/Phantom: playbook development, troubleshooting, and integrations
  • Experience with Cisco FirePower IDS/IPS and Cisco security products
  • Experience with security solutions such as C2C, IAM, NDR, EDR/XDR, and SIEM
  • Hands-on experience in designing and implementing enterprise security solutions, including all related documentation
  • Experience in scripting (e.g. Python, PowerShell), APIs, and security tools
  • Create a new fleet of development VMs (Windows, Linux) that allow you to test and demonstrate playbook functionality
  • Fully test and document playbook execution in the development environment and be authoritative on the presentation of playbook examples to new teams targeted for integration
  • Deep expertise in Splunk administration, security event analysis, and Python-based automation
  • Strong working knowledge of cross-platform integrations and security tool APIs
  • DoD IAT Level III certification required (SecurityX, CISSP, GCIH, CISA, etc.)
  • Splunk Enterprise Security Administrator

Desired:

  • Splunk SOAR/Phantom Certified Administrator

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the can't be done by solving the most daunting challenges facing our customers. Visit to learn how we're keeping people around the world safe and secure.

Employment Type

Full-Time