Job Description:

Direct Client: Office of the Attorney General of Texas (OAG)
Solicitation #: 302CSD2130
Title: Splunk Architect/Engineer
Location: OAG-CSD State Office located at 5500 E. Oltorf St, Austin, TX 78741/Telecommuting
Duration: Until 8/31/2021 with possible extension up to 8/31/2022
Last date for submission: May 28, 2021 (2:00 PM CST)

DESCRIPTION OF SERVICES:
Security Information and Event Management (SIEM) is one of the key solution focus areas within the Enterprise Information Security (EIS) division. The Security Analyst is required to work on and lead the SIEM architecture, and to design and implement use cases tailored to monitor and protect our hybrid data center and cloud environments as well as improve our security posture.

Ideally, we are looking for a Splunk Architect and Engineer with experience working on premises and/or in Splunk Cloud.
 
This person will need to have hands-on experience with Splunk including:
•       Collaborating across the IT organization to ensure application, infrastructure, identity, and access management events are configured and monitored
•       Designing and maintaining production-quality dashboards
•       Troubleshooting Splunk server agent problems and issues
•       Mentoring and training security users and administrators
•       Serving as a Splunk escalation point for IT and Security operations

CANDIDATE SKILLS AND QUALIFICATIONS
Minimum Requirements:
Years    Required/Preferred    Experience
8    Required    Experience working in Cybersecurity space.
5    Required    Experience in architectural design and implementation of Splunk SIEM solutions
5    Required    Ability to assess customer's situation, business needs, complex problems, and provide expert recommendations in the areas of Splunk knowledge management, administration, and architecture
5    Required    Hands-on experience as a Splunk Administrator
5    Required    Hands-on development experience using 1 or more SIEM query languages
5    Required    Proven experience migrating and upgrading Splunk environments
5    Required    Experience with the supporting policy, procedures, and practices required to deliver and maintain an effective operational SIEM solution
5    Required    Experience in implementing, managing, and/or working in a Security Operations Center
5    Required    Understanding of legislative demands and compliance requirements mitigated through SIEM
5    Required    Has leadership qualities, able to work well both independently and as a team member
5    Required    Well organized with a healthy sense of urgency, able to set, communicate, and meet aggressive deadlines with competing priorities
5    Required    Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and lead and work as part of a team
4    Required    Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology, computer engineering, computer information systems, computer science, management information systems
4    Required    Experience in the following (or closely related) fields may be substituted for the required education on a year-for-year basis: information security, information technology, or risk management
1    Required    Professional Accreditations (CISSP, CISM, Vendor Certifications, or equivalent certifications)
7    Preferred    Research and analytical background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis
7    Preferred    Possess a solid understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST, PCI DSS, HIPAA, CIS Critical Controls)
5    Preferred    Experience in creating, documenting, and maintaining policies, procedures, and workflows is strongly preferred
3    Preferred    Understanding of cloud-based solutions such as AWS, Azure, and/or Google Cloud.
1    Preferred    Splunk Enterprise Certified Architect; Splunk Enterprise Security Certified Admin; Splunk Phantom Certified Admin; Splunk Cloud Certified Admin



Client : OAG
