Job Description
At Lifescale Analytics, we help achieve data-driven decisions by leveraging strategic technologies to create innovative solutions that ultimately help our clients to navigate their ever-changing data landscape. We have an opportunity for a Splunk Cyber Security Solutions Engineer II, preferred candidates in Morrisville, NC; Falls Church, VA; Eagan, MN but remote support in the following states is authorized: Florida (FL), Georgia (GA), Minnesota (MN), North Carolina (NC), South Carolina (SC), Ohio (OH), Tennessee (TN), Texas (TX) or Virginia (VA). Note: Relocation and travel expenses are not covered by the employer/client.
Applicants responding for this position must be a US Citizen and will be subjected to a government security investigation which requires possessing the ability to view classified government information, background checks and drug screening. All applicants applying must have lived in the US for the past 5 years and cannot have traveled out of the country more than 6 months (cumulatively) in the past five years. (Military Service excluded).
The Employer will not sponsor applicants for any employment visas, at hiring or in the future, including but not limited to H-1B or EAD visas. Corp-to-Corp or subcontract personnel will not be considered for this position.
Requirements include but not limited to:
- Splunk Service Engineer is responsible for tuning and configuration of Splunk Core and Splunk Enterprise Security (ES) services, develop use cases with CISO end users to build content and assist in developing advanced security use cases.
- Participate in requirements gathering, solutions architecting, design and build of technology solutions to support Continuous Monitoring Program.
- Assist, train, and host workshops for CISO teams.
- Support off-hours and weekend efforts for incident investigations and systems maintenance.
Experience Level – Must have demonstrated knowledge and experience in:
- Extensive experience (5+ years) in information security operations and/or related IT operational functions
- Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool
- Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models
- Work with the Splunk Architect/Admin to promote private KO to Global KO
- Assist, and/or train CISO Splunk Engineering team on Data Lifecycle Support
- Assist, train, and/or host workshops CISO teams and analysts on Searching and Content Development
- Develop and implement automation to improve efficiency of CISO workflows using Splunk
- Assist in development of advanced security use cases in Splunk
- Develop risk rules and risk incident rules to correlate and alert to significant cyber events.
- Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression.
- Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted)
- Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting
- Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.
- Understanding of network protocols, operating systems, applications, and device event telemetry
- Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organizational skills.
- Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc.), endpoint defense tools (EDR, anti-malware) a plus
- Experience with SAAS- or cloud-hosted Splunk implementation a plus.
- Ability to support off-hours and weekend efforts for incident investigations and systems maintenance.
- Ability to obtain a Public Trust Security Clearance.
Education:
- Must possess a minimum of a Bachelors Degree in Computer Science, Information Technology or Information Security (Masters Degree preferred).
Certifications: (One or more required)
- CompTIA Net+
- CompTIA A
- CompTIA Security +
- CPTE - Certified Penetration Testing Engineer or CEH - Certified Ethical Hacker
Additional Provisions:
- Pass both a client mandated clearance process which includes drug screening, criminal history check and credit check.
- Candidate must have lived in the United States for the past 5 years.
- Cannot have more than 6 months’ travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)
Visit Original Source:
http://www.indeed.com/viewjob