Splunk Engineer with Security Clearance
Marathon TS Inc
2024-11-06 09:45:04
Quantico, Virginia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Cybersecurity Engineer Splunk NCIS Quantico, VA (hybrid) Marathon TS is seeking a Cybersecurity Engineer - Splunk that can correlate threat data from various sources to establish the identity and modus operandi of hackers active in client's networks and posing a potential threat. Provides the customer with assessments and reports facilitating situational awareness and understanding of current cyber threats and adversaries. Develops cyber threat profiles based on geographic region, country, group, or individual actors. Produces cyber threat assessments based on entity threat analysis. May provide computer forensic and intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments. Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption. Come join our award-winning organization and work with some of the most talented and brightest minds in the GovCon industry. Location: Quantico, VA (telework flexibility at customer discretion) Security Clearance: Top Secret Responsibilities: Collaborates with intrusion analysts to identify, report on, and coordinate remediation of cyberthreats to the client Provides timely and actionable sanitized intelligence to cyber incident response professionals Leverages technical knowledge of computer systems and networks with cyber threat information to assess the client's security posture Conducts intelligence analysis to assess intrusion signatures, tactics, techniques, and procedures associated with preparation for and execution of cyber-attacks Research hackers, hacker techniques, vulnerabilities, exploits, and provides detailed briefings and intelligence reports to leadership Coordinates with the Cyber Security and Operations teams to build dashboards and queries to assist with threat detection and incident response Participates in developing security-focused content for Splunk implementations across multiple network classifications on Department of Defense (DoD) networks Assists with designing log management and data ingest solutions while ensure efficiency and scalability Supports the development of automation and scripting directly supporting data/threat analysis Implements and manages Splunk add-ons to enhance capabilities to include advanced threat detection and machine learning Supports the A&A authorization of the Splunk environment Monitors system recovery processes to ensure security features and functions are properly restored and functioning correctly following outages Supports implementation efforts for response/actions addressing operational and communication orders from governing organizations Provides expert analysis of logs/alerts/records to prevent or detect anomalies or adverse events Supports the Government in the enforcement of suspected malicious activity Participates in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes Works on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment Guides and advises government customer with Splunk best practice solutions and configurations Supports a growing Cybersecurity team with occasional training evolutions Supports RMF compliance requirements by analyzing processes and recommending solutions Communicates well, both written and verbally Other duties as assigned; associated with and/or in support of your primary role or program mission Minimum Requirements: Active Secret clearance: TS/SCI is highly preferred DoD 8570 (IAT II Level) certification Position requires on-site support at Quantico, VA with telework flexibility at customer's discretion High School with 10 years (or commensurate experience) 5 years of managing Splunk and SIEM systems 2years of security engineering experience working with DoD IT systems and solutions 1 years of experience with application and OS logging Experienced with Splunk Enterprise operations to include: Configuration and system tuning Alert and report creation Deployment scaling User Based Analytics implementation and review Preferred Qualifications: Active Splunk certification highly preferred (Architect/Developer level) Familiar with Splunk Enterprise operations to include: Overall enterprise deployment and implementation Endpoint troubleshooting Splunk account management Deployment scaling DoD STIG dashboard creation ATO of Splunk systems in DoD packages Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status ").