Splunk Engineer ISSE jobs in United States

GuROO LLC · 1 day ago

Splunk Engineer ISSE

GuROO is dedicated to providing Enterprise Network Engineering and IT support to various sectors including commercial corporations and government agencies. The Senior Information Security Engineer will be responsible for managing and supporting a complex Splunk environment, ensuring security compliance, and conducting vulnerability assessments among other duties.

Information Technology, IT Management, Professional Services, Project Management
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Provide overall engineering and administration in support of a very large distributed clustered Splunk environment consisting of search heads, indexers, deployers, deployment servers, heavy/universal forwarders, and Splunk Enterprise Security, spanning security, performance, and operational roles
Experience creating custom dashboards, writing queries, building and generating reports, and setting up alerts and notifications
Demonstrated proficiency with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards, searches, reports, etc. highlighting the key trends of the data
Coordinate with the SOC to build threat detection logic and dynamic operational dashboards
Implement and manage Splunk apps, queries, dashboards, alerts, and reports to provide actionable insights to various teams
Perform log auditing and log management. Work closely with the operations team to monitor systems and environments for security incidents and general security operations. Ensure SC is being updated regularly; address unsuccessful updates of the SC and identify the root cause of the unsuccessful update
Administering Red Hat Linux based systems with minimal support, to include patching, creating RPM packages, performance tuning, networking, user management (LDAP), and security
Installing, administering, and troubleshooting recent versions of Red Hat 8.x and 9.x
Managing and maintaining Red Hat Satellite/Ansible
Ability to work within VMware, vCenter and Nutanix building Red Hat systems
Creates and implements methods and procedures for inspecting, testing, and evaluating the security and effectiveness of products and production equipment
Effectively choose the appropriate standards, processes, procedures, and tools throughout the system development life cycle to support the generation of the security engineering products
Design technical, operational, and organizational controls to maintain acceptable security posture
Administration/operation of information security compliance tools/platforms with a special concentration in managing the Assured Compliance Assessment Solution (ACAS) and ForeScout
Configure, optimize, and test vulnerability scans against new and existing Operating Systems/platforms
Configure, operate, and maintain HBSS and its components (ePolicy Orchestrator, McAfee Agent, Data Loss Prevention, Host Intrusion Prevention System, Policy Auditor, Asset Baseline Monitor, and Virus Scan Enterprise) on Windows/Linux creating exceptions to allow essential processes to continue uninterrupted
Provide guidance on vulnerability and malware remediation
Configure, operate, and maintain ForeScout, Tripwire and Ivanti tool suites
Identify potential conflicts with implementation of any cyber security tools within the enterprise and develop recommendations to remediate these conflicts
Provide Tier 3 maintenance support for deployed cyber security technologies
Assist with periodic and regular security assessments
Assist with the development and maintenance of information security policies, standards, and control procedures to enable compliance with RMF
Assist with POA&M management, mitigation statement formulation, interfacing with system administrators to resolve open findings of high and at-risk systems
Experience with developing and presenting vulnerability information for technical and non-technical audiences
Well-developed verbal and written communication skills

Qualification

Splunk, Red Hat Linux, ACAS, HBSS, ForeScout, Nessus, Vulnerability Scanning, Cybersecurity Compliance, Communication Skills, Team Collaboration

Required

Active Top-Secret clearance with SCI
10 years of experience & BS or BA degree in a Computer Science or a related scientific discipline
2+ years of experience in a Splunk role working in a Splunk clustered environment
2+ years of knowledge and experience with ACAS and HBSS administration
Must meet DoD 8570.01-M IAT-II baseline certification requirements such as SEC+ or equivalent
Working experience with ForeScout
Working experience with NESSUS
Splunk Core Certified Power User (Required)
Top Secret (Required)
Ability to Commute: Warrenton, VA 20186 (Required)
Work Location: In person

Preferred

Possess understanding and experience with common cybersecurity toolsets and processes to include STIGs, IAVA Management and Implementation, and OPORD/FRAGO support
Demonstrated experience in analysis simulation environment, configuring/troubleshooting software/hardware enhancements, application deployments, and infrastructure upgrades in a dynamic information system hosting environment
Operate and maintain the Splunk operational architecture, to include the management of centralized log servers and reporting systems
Ability to install and configure Splunk Applications
Ability to build and configure Splunk Indexers, Search Heads, Deployment, Management, Heavy Forwarders and Deployer on a Red Hat Linux Platform
Ability to troubleshoot and fix Splunk, Red Hat Linux and Network findings
Ability to configure Splunk Enterprise Security Application
Red Hat certification
Splunk Core Certified Advanced Power User, Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect, or Splunk Core Certified Consultant

Benefits

401(k)
401(k) matching
Dental insurance
Health insurance
Life insurance
Paid time off
Retirement plan
Vision insurance

Company

GuROO LLC

GuROO LLC is a small business specializing in Information Technology solutions and services.

Funding

Current Stage
Early Stage

Leadership Team

Phillip Acosta
Chief Executive Officer, Technical Program Manager
Brian Stites
Chief Operating Officer
Company data provided by crunchbase