Splunk Security Engineer

Description
Are you looking for an exciting job opportunity that will allow you to use your skills and expertise to make a real difference' The National Security Sector has just the role for you! We are seeking for a Splunk Security Engineer to join our team at the National Maritime Intelligence Center in Suitland, MD. In this dynamic position, you will have the chance to work across projects and teams to provide support for the Office of Naval Intelligence's (ONI) Defense Cyber Operations mission. Your daily activities will directly impact real-world operations and assist utilizing Security Information Event Management platforms to support threat detection, compliance, and security incident management through the collection and analysis (both near real-time and historical) of security events, as well as a wide variety of other event and contextual data sources.

Great News! Program is offering additional Paid Time Off or a Sign-on Bonus!

What you will do:

• Analyze log events and other data across disparate sources; implement and leverage the latest operational capabilities (such as incident management, dashboards, and reporting); as well as Security Orchestration, Automation, and Response (SOAR) in order to resolve anomalous activity in a prescribed, repeatable, and automated fashion.
• Work with stakeholders directly to build, design, deliver, re-write, and maintain efficient, reusable, and reliable security automations using Splunk SOAR.
• Create custom content and playbooks that interact with other tools/devices on the network to automate security response actions based on alerts / threats.
• Configure, use and maintain a stack of deployed detection technologies; ticketing system integrations, SIEM integration (i.e., Splunk Enterprise Security); Splunk Enterprise Security detections that use Risk-Based Alerting (RBA); deployment of common detection technologies across common control points, including endpoint, network, email and cloud; stream of sources identified for threat intelligence integration; identity and access management tool deployment; API compatibility across existing technologies.
• Be responsible for the lifecycle of an automation playbook, from requirements gathering and planning to design, testing, implementation, and maintenance.
• Create detailed technical documentation pertaining to SOAR automations and collaborate with other internal teams as part of setting up SOAR integrations.

Basic Qualifications:

• Bachelor's degree with 7+ years of related work experience. Additional years of experience, certifications or trainings may be considered in lieu of degree.
• Active DoD TS/SCI clearance.
• Current IAT Level II DoD Approved 8570-M Baseline Certification (e.g. Security+ce or equivalent) or the ability to obtain within 30 days from date of offer of acceptance.
• 5+ years of demonstrated experience in in Splunk Security Orchestration, Automation, and Response (SOAR)/Phantom, including developing playbooks, implementing integrations and troubleshooting.
• Deep understanding of Splunk Administration (not just user knowledge).
• Experience performing software integrations with Trellix, Cisco, Exchange, and Windows and Linux.
• 2+ years of hands-on experience using Splunk for both searching data and data analysis and for passing data to SOAR.
• Hands-on knowledge of programming languages, APIs, and integrations to include strong programming skills in Python for automation.
• Process improvement experience.

Preferred Qualifications:

• Current IAT Level III DoD Approved 8570-M Baseline Certification (e.g. CISSP or equivalent)
• Splunk Certified Enterprise Security Administrator
• Experience with modeling languages like UML for structure, behavior, and interaction diagrams.
• Ability to use Jira and ServiceNow for ticket tracking.
• Technical writing skills for creating Standard Operating Procedures (SOPs) and other supporting documentation.
• Completion of both "Developing SOAR Playbooks" and "Advanced SOAR Implementation" Training courses from Splunk.
• Experience in Security Operations Center (SOC) workflows and the processes for alert triage, defining incident investigation at varying levels of severity, capturing critical metrics to measure SOC effectiveness, evaluating lessons learned after critical incidents, leveraging metrics for operational improvement, use standard incident response methodologies.
• Experience in integrating MITRE ATT&CK detection framework.

NITESONI
EIO2024

Original Posting Date: 2024-07-08While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: Pay Range $101,400.00 - $183,300.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
About Leidos Leidos is a Fortune 500® innovation company rapidly addressing the world's most vexing challenges in national security and health. The company's global workforce of 47,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023. For more information, visit www.Leidos.com .
Pay and Benefits Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here .
Securing Your Data Beware of fake employment opportunities using Leidos' name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system - never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other person a l information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected] .
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission .
Commitment to Diversity All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.