Splunk / Elastic Team Lead

About The Position

Requirements

• Bachelor's degree and 8+ years of prior relevant experience. Additional experience may be considered in lieu of degree.
• Active Secret security clearance is required prior to start.
• DoD 8570 IAM II certification
• Splunk Core Certified Power User, Equivalent certification or higher
• Elastic Certified Analyst, Equivalent certification or higher
• Excellent written and oral communications skills and be able to appropriately present highly technical material to both technical and non-technical audiences

Nice To Haves

• Prior experience as a network intrusion analyst or Security Operations Center analyst.
• Experience configuring and maintaining the tool in a multi-tenant environment
• Experience with one or more Security tools: Qmulos ACAS HBSS Tanium

Responsibilities

• Design efficient and reusable reports and dashboards to integrate multiple mission applications’ health, performance and operational data systems into Splunk/Elastic
• Direct and monitor reporting in Splunk/Elastic dashboards to reflect compliance status of DISA J-6 with all directed information assurance vulnerability alerts and bulletins, Computer Tasking Orders, and other compulsory cyber security directives.
• Create front-end automated data visualization services using Splunk/Elastic
• Create viewable Splunk/Elastic dashboards to provide visibility into ingested log data
• Create alerts that trigger/activate on configured setting to deploy or sends a note/email/attachments to a particulate destination email or groups
• Create security rules (alerts) that trigger on anomalous activities or threat detections
• Utilize Qmulos, Splunk, Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), and Tanium to assess/validate/monitor the security controls and security posture of the enterprise and system level in order to support on-going authorization.