Vacancy expired!
- Identifying and managing the inventory and status of log and enrichment (e.g. identity and assets) sources across all systems.
- Ensuring log data field extractions meet threat detection requirements and follow a common information model across varied sources.
- Managing log source compliance activities at varied points in the ecosystem.
- Creating and enhancing methods to detect log source delivery and data quality issues.
- Mapping log sources to detection use cases.
- Creating controls to manage the risks of upstream IT change impact on log sources.
- Delivering metrics on the status of SIEM data - integration & compliance.
- Analyzing Splunk notables.
- Supporting Splunk cluster deployment.
- Supporting Carbon Black deployment efforts.
- Developing dashboards and custom reports.
- Performing system upgrades.
- Supporting incident response.
- 2+ years in an IT role such as systems administration, networking, etc.
- 2+ years in a role that has supported the maturation of a technology or security function. Examples include business analysis, technical project management, metrics, etc.
- Experience with data analysis.
- At least 2 years' experience with a current DoD 8570 level III certification.
- Experience with Splunk SIEM technology.
- Secret clearance (will be upgraded to Top Secret).
Preferred Knowledge/Experience:
- Experience with SIEM technology - engineering experience preferred.
- Knowledge of IT architecture and operations (computing, network, storage & cloud).
- Strong technical writing and documentation experience.
- Experience creating and analyzing metrics.
- Technical Project management experience.
- Knowledge of adversarial tactics, techniques, and procedures.
- Knowledge of threat management (operational and engineering).
- Knowledge of security control technologies.