Job Description:

DTJP00027979
Job Title: SOC Content Engineer w/Splunk
Hours: Standard
Est Duration: 1 year + Idea to extend based on performance
Location: Fully Remote

**Candidate should have strong background in the following:**
- Splunk power user or extensive experience with Splunk, including dashboard and alert creation.
- Strong SIEM configuration/maintenance experience.
- Experience with Splunk log ingestion.
- Strong network analysis, packet capture, and IDS/IPS skills.
- Strong knowledge of the MITRE ATT&CK framework and the ability to translate its techniques into Splunk alerts.

US CITIZENSHIP REQUIRED AND W2

**PLEASE USE THESE PRE-SCREEN QUESTIONS AND ATTACH TO SUBMISSION**
Q1: How would you investigate a phishing email? 
Q2: When investigating suspicious web traffic, what do the HTTP status codes 200, 302, and 400 mean?
Q3: Can you provide an example Splunk query, where you have an endpoint log source and we want a unique list of hostnames that triggered EventCode 4625?
Q4: Scenario based: A user reports that his computer is acting strangely and requests that CSIRT investigate the issue. He provides the IP address 192.168.1.5 for his laptop, which is running Windows 10. Assume the analyst has access to all the security tools but is not allowed to communicate with the user; the investigation must be performed using security tools alone. Walk us through the steps you would take to investigate this issue.
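As an added illustration of the kind of answer Q3 asks for (example code written for this page, not part of the original posting), the block below pairs a Splunk search that lists the unique hostnames with failed-logon events (EventCode 4625) with a small Python function that applies the same logic to a handful of constructed events, so the expected result can be checked offline. The index name `wineventlog`, the sourcetype `WinEventLog:Security`, and the field names `host`, `EventCode`, `Account_Name` and `Logon_Type` are assumptions based on the common Splunk Add-on for Microsoft Windows layout; adjust them to the environment's actual ingestion.

```python
"""Pre-screen Q3 worked example (added here; not the employer's content).

Lists the unique hostnames that triggered Windows EventCode 4625
(failed logon), first as an assumed Splunk search and then as equivalent
Python logic over constructed sample events.
"""
from collections import Counter

# Assumed Splunk search. Index/sourcetype are assumptions; the upper() step
# guards against the same host being reported with differing letter case,
# which would otherwise split into separate rows in `stats ... BY host`.
SPL_UNIQUE_HOSTS_4625 = (
    'index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 '
    "| eval host=upper(host) "
    "| stats count AS failures BY host "
    "| sort - failures"
)

# Constructed sample events: a minimal subset of the fields Splunk extracts
# from Security log records. These are made up for the example.
SAMPLE_EVENTS = [
    {"host": "WS-101", "EventCode": 4625, "Account_Name": "jdoe", "Logon_Type": 3},
    {"host": "WS-101", "EventCode": 4624, "Account_Name": "jdoe", "Logon_Type": 2},
    {"host": "WS-101", "EventCode": 4625, "Account_Name": "jdoe", "Logon_Type": 3},
    {"host": "SRV-DC01", "EventCode": 4625, "Account_Name": "svc_backup", "Logon_Type": 10},
    {"host": "WS-202", "EventCode": 4648, "Account_Name": "admin", "Logon_Type": 9},
    # Same laptop as WS-101, but the host field arrived lower-cased and the
    # EventCode as a string: both are common ingestion quirks.
    {"host": "ws-101", "EventCode": "4625", "Account_Name": "guest", "Logon_Type": 3},
]


def failed_logons_by_host(events, event_code=4625):
    """Count events with the given EventCode per normalized hostname.

    Mirrors `eval host=upper(host) | stats count BY host` from the SPL above.
    Events with a missing host or a non-numeric EventCode are skipped.
    """
    counts = Counter()
    for ev in events:
        try:
            code = int(ev.get("EventCode"))
        except (TypeError, ValueError):
            continue
        if code != event_code:
            continue
        host = str(ev.get("host", "")).strip().upper()
        if host:
            counts[host] += 1
    return counts


def unique_hosts(events, event_code=4625):
    """The de-duplicated hostname list Q3 asks for, sorted for stable output."""
    return sorted(failed_logons_by_host(events, event_code))


def hosts_over_threshold(events, min_failures, event_code=4625):
    """Hosts whose failed-logon count meets an alerting threshold.

    This is the usual next step when turning the search into a Splunk alert:
    `| where failures >= N` appended to the SPL above.
    """
    counts = failed_logons_by_host(events, event_code)
    return sorted(h for h, n in counts.items() if n >= min_failures)


if __name__ == "__main__":
    print("SPL:", SPL_UNIQUE_HOSTS_4625)
    print("Unique hosts with 4625:", unique_hosts(SAMPLE_EVENTS))
    print("Hosts with >= 3 failures:", hosts_over_threshold(SAMPLE_EVENTS, 3))
```

In Splunk itself the `stats count BY host` form is preferable to `dedup host | table host` because it returns the per-host count for free, which is what an alert threshold needs, and the `upper(host)` normalization prevents one machine from appearing as two hosts when different forwarders report its name in different case.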

Job Description:
The SOC Content Engineer supports the mission of the Security Operations Center. The Content Engineer will work within the Cybersecurity organization to assist in onboarding system and application logs into the Security Information and Event Management System (SIEM). They are responsible for collaborating with Incident Response, Threat Intelligence and Vulnerability Management teams to develop alerts, reports, dashboards and Indicators of Compromise (IOC).

Skills/Qualifications:
- Prior work experience in a SOC and as a Threat Intelligence or Incident Response Analyst.
- Strong knowledge of adversarial cyber threat actors, including Advanced Persistent Threat (APT) actors, cybercriminal groups, hacktivists, and insider threats.
- Working knowledge of Splunk dashboard creation, search and reporting. Splunk Power User certification a plus.
- Experience in onboarding and creating content for both On-Premise and SaaS applications.
- Knowledge of and experience with standard network logging formats, network management systems and network security monitoring systems, security information and event management, network packet analysis tools and forensic analysis tools
- Knowledge of and experience with web proxy, firewalls, IPS, IDS, mail content scanning appliances, enterprise Antivirus solutions, Network Analyzers, and domain name servers desired
- Strong knowledge of the various cyber threat intelligence models a must, such as:
  - Working knowledge of the Cyber Threat Kill Chain
  - Working knowledge of the MITRE ATT&CK Framework
- Strong knowledge of the various structured analytic techniques a must. Such as: Key Assumptions Check, Analysis of Competing Hypotheses (ACH), High-Impact/Low-Probability Analysis
- Demonstrated knowledge in one or more of the following areas: network security principles, host-based security principles, network and system administration, forensic analysis principles, cyber threat intelligence principles, and/or counterintelligence operations
- Proven analytical and report-writing abilities
- Able to manage competing priorities and work efficiently under pressure
- Coding and scripting experience a plus

Basic Qualifications
- Bachelor’s degree or equivalent work
- Individuals with CISSP, Security+ certifications
- Knowledge of Federal compliance requirements and frameworks, including DFARS, ITAR NIST 800-171, CMMC level 3 helpful
