Job Description :
Position :
LOCATION: REMOTE with some time in VIENNA/COLUMBIA, MD
LENGTH: 6-9 MONTHS
OTHER: MUST HAVE ACTIVE DoD SECRET CLEARANCE



MUST BE US CITIZEN!

General Skills
System administration experience: multiple years on the installed operating system (RHEL 7)
Computer Networking proficiency
Internet/Web technology proficiency
Scripting/coding experience is preferred
8570 Certification
SIEM Skills
ES concepts
Security monitoring and Incident investigation
Assets and identities
Detecting known types of threats
Monitoring for new types of threats
Using analytical tools
Analyze user behavior for insider threats
Use risk analysis and threat intelligence tools
Use protocol intelligence and live stream data
Use investigation timelines and journal tools
Build glass tables to display security status
Splunk Specific Skills
Expert knowledge of scripting, including Python and PowerShell, and regex.
Experience in developing Splunk queries and dashboards targeted towards an information security, IT operations or business context.
Capable of evaluating log sources for valuable data in an information security, IT operations or business context.
Experience in developing Splunk ES correlation searches or experience working with ES.
In-depth experience with general IT security concepts, network security and monitoring practices/methodologies
Advanced knowledge about Splunk architecture and various components (indexer, forwarder, search heads, deployment server), Heavy and Universal forwarders.
Work with the data owner to develop visualizations and activity based on identified use cases.
Experience working with large datasets to generate insights by using Splunk at scale.
Certified Splunk Architect, or at minimum a Certified Splunk Admin