Qualifications

â?¢

Bachelorâ??s degree (or foreign equivalent) in a Computer Science, Computer Engineering, or Information Technology field of study (e.g., Information Technology, Electronics and Instrumentation Engineering, Computer Systems Management, Mathematics) or equivalent experience

â?¢

Demonstrable knowledge of one or more of the following Splunk, CISSP, ITIL, Python, PERL, XML, XSL, nmap, Linux, AIX, Windows, SQL (Oracle, MSSQL)

â?¢

5+ years IT experience

â?¢

3+ years of experience with Splunk Core, ES, and/or Phantom modules

â?¢

Background in metrics/reporting

â?¢

Experience identifying and implementing solutions to complex business problems

â?¢

Understanding of various operating systems (z/OS,Window, UNIX, Linux, AIX, etc.)

â?¢

Strong analytical, conceptual, and problem-solving abilities

â?¢

Strong written and oral communication skills

â?¢

Strong presentation and interpersonal skills

â?¢

Ability to conduct research into database issues, standards, and products

â?¢

Ability to present ideas in user-friendly language

â?¢

Able to prioritize and execute tasks in a high-pressure environment

â?¢

Ability to work in a team-oriented, collaborative environment

â?¢

Strong commitment to inclusion and diversity

â?¢

Must be legally authorized to work in country of employment without sponsorship for employment visa status now or in the future

Responsibilities

â?¢

Assignments at this level will focus primarily on Security information and event management (SIEM) and Security Orchestration and Automated Response (SOAR) technologies that support the security operation center (SOC) and threat intelligence (CTI) teams

â?¢

Co-manage SIEM core and Enterprise Security module

â?¢

Work with existing SOAR technologies and work to increase and improve the scope of automation efforts

â?¢

Leverage existing SIEM technologies to improve behavioral and risk-based analysis as well as AI functionality for higher fidelity SOC alerts

â?¢

Work with SIEM partners to enhance dashboards for analytics

â?¢

Work with CTI team to further integrate Threat Intelligence Platform (TIP) with Splunk

â?¢

Work with team to improve version control and infrastructure as code to improve infrastructure BC/DR capabilities

â?¢

Assist the SOC and CTI when required in their investigation and incident response efforts

â?¢

Strategy & Planning

â?¢

Engage other business departments in ongoing initiatives exploring enterprise data lake and data management solutions

â?¢

Work with appropriate teams to improve upon information security policies and standards

â?¢

Acquire and interpret business requirements and functional specifications to recommend security requirements

â?¢

Maintain knowledge of best security practices through training, research, and involvement with local IT security groups

â?¢

Complete move of on premise SIEM / SOAR infrastructure to the cloud

â?¢

Co-manage implementation and administration of a DFARS compliant SIEM solution in the Cloud

â?¢

Work with business for refining policies and standards around SIEM / SOAR related technologies

â?¢

Work with architects and developers to design optimal logging and monitoring practices when developing new applications in the cloud and on premise

â?¢

Assist business on deciding new technologies including tools, components, and frameworks

â?¢

Mentor and coach team members and/or Professional Apprentices

â?¢

Project and task management and reporting as necessary

â?¢

Make presentations to management, clients, and peer groups as requested

â?¢

Split time between in office and working remote

â?¢

Work outside the standard office 7.5-hour workday may occasionally be required as well as willingness to be on-call option for after-hours support