Splunk Security Engineer

About The Position

Requirements

• Bachelor’s Degree and a Minimum 10 years of relevant experience with Security Information andEvent Management
• Experience in architecture, design, support, maintenance, and expansion of an enterprise logmanagement/SIEM infrastructure in a highly resilient configuration
• Experience in monitoring an enterprise log management/SIEM server and agent infrastructure forcapacity planning and system optimization
• Experience in deployment, configuration and maintenance of log forwarder agents across avariety of UNIX and Windows platforms
• Experience in collaboration with a variety of IT stakeholders in design and maintenance ofproduction-quality log management/SIEM reports and dashboards to support data analysis andvisualization
• Experience in creation and maintenance of documentation related to log management/SIEMinfrastructure configuration and operational processes
• Advanced system administration skills with Linux operating systems
• 5+ years of experience with Splunk
• Must successfully pass a drug screening
• Must be able to successfully obtain a Public Trust
• Telework (must be local to the DC, Maryland, Virginia area)

Nice To Haves

• Experience with Crbil
• Expereince creating Identity models in SIEM
• Experience with Splunk SOAR and UBA tools
• Knowledge of regular expression, scripting and application development languages (e.g., Pythons, Perl, JavaScript, Linux shell scripting)

Responsibilities

• Administer the Splunk based log management system and analyze the current loggingcapabilities
• Ensure the Agency Information Security systems administered by the Team are sending allrequired logs to the log management system
• Maintain the Log Management and Security Information and Event Management system to collectand aggregate IDS/IPS data from network sensors, raw data from collection agents, firewalls(including but not limited to Layer 7 Application Firewalls), proxy servers, DLP, antivirus/endpointprotection software, and vulnerability scanner elements
• Tune the SIEM and IDS/Intrusion Prevention System (IPS) events to minimize false positives
• Enroll NRC network and systems information into the SIEM tool, using information from theVulnerability and Compliance Scanning System (VCSS) and input from ISSOs, and perform assetcategorization and privatization
• Tune the capabilities as practicable to improve efficiency and ensure that reporting capabilities ofthe log management system are working properly
• Validate that agency log retention requirements are configured properly within the agency’s logmanagement system
• Identify shortfalls in the current capability and identify systems that are not sending logs to theagency log management system
• Recommend improvements to current processes
• Provide technical guidance to administrators of other IT systems to ensure their logs are sent tothe agency’s log management system
• Configure agency’s log management system role-based access controls so that logs for specificsystems can only be accessed by designated administrators

Benefits

• health
• dental
• vision
• 401K
• life insurance
• short-term and long-term disability plans
• vacation time
• holidays