Splunk Engineer - TS/SCI (Washington, DC)

About The Position

Requirements

• MUST possess a TS/SCI w/Poly (CI or FS)
• MUST have Splunk Architect Certification or Splunk Certified Consultant
• 3+ years of experience utilizing Splunk Enterprise
• Bachelor’s degree and 3+ years of experience with supporting IT projects and activities, Associate’s degree and 5+ years of experience with supporting IT projects and activities OR HS diploma or GED and 7+ years of experience with supporting IT projects and activities
• Experience with deploying, configuring, and performing functional testing and data validation in a Splunk environment
• Experience with Splunk performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting in Windows and Linux Server environments
• Experience creating custom dashboards, writing queries and generating reports, and setting up alerts and notifications
• Familiarity with DoD Risk Management Framework

Nice To Haves

• Ability to ingest and parse logs within Splunk
• Experience with fields abstraction
• Experience with data modeling using Splunk
• Experience with workflows and drilldown query
• Experience administering Splunk in distributed deployments
• Experience with performing site surveys, data gathering, and research and analysis regarding deploying and implementing security tools
• Splunk Certified Power User or other advanced Splunk Certification
• Experience with DevSecOps and Elasticsearch, Logstash & Kibana (ELK)
• Possession of excellent oral and written communication skills, including using presentation expertise to convey complex Ideas to client and internal staff
• Possession of excellent problem-solving skills
• DoD 8570 IAT Level II Certification, including CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP
• Active DoD 8570 IAT Level III certification (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP)
• Active DoD 8570 Cybersecurity Service Provider (CSSP) - Infrastructure Support (IS) certification (CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND)

Responsibilities

• Implement and operate next-generation security solutions for government and commercial clients.
• Use Splunk and integrate it with other tools like HBSS, Enterprise Security Manager (ESM), Network Security Manager (NSM), NetFlow, and/or Intrusion Detection Systems (IDS) to monitor, detect, and analyze threats.
• Perform hands-on evaluation, implementation, and operation of leading security Cyber defense tools and technologies.
• Apply in-depth defense strategies for large and complex networks to rapidly identify vulnerabilities and threats, prioritizing response actions, including developing effective countermeasures.
• Support the risk management and security compliance of specified cyber security tools.
• Apply thought leadership to solving complex security challenges in a highly collaborative and innovative work environment.

Benefits

• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option