Cybersecurity Engineer - Splunk (some telework available)

Prince William, VA

GovCIO

This offer has expired.
POSTED ON: 06/08/2023

Company Overview

GovCIO is a team of transformers--people who are passionate about transforming government I.T. We believe in making a difference by developing digital strategies and delivering the technology-related innovation governmental operations that improve the citizen experience every day.

But we can't do it alone. We welcome and nurture an inclusive and diversified work culture. Because different backgrounds, experiences, abilities, and perspectives make us better decision-makers, problem solvers, and creators. We're changing the face of I.T. - from our diverse staff to the end-products we develop. And we're excited to expand our team. Are you ready to be a transformer?

Responsibilities

Correlates threat data from various sources to establish the identity and modus operandi of hackers active in client's networks and posing a potential threat. Provides the customer with assessments and reports facilitating situational awareness and understanding of current cyber threats and adversaries.

Develops cyber threat profiles based on geographic region, country, group, or individual actors. Produces cyber threat assessments based on entity threat analysis. May provide computer forensic and intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments.

Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.

Collaborates with intrusion analysts to identify, report on, and coordinate remediation of cyberthreats to the client.

Provides timely and actionable sanitized intelligence to cyber incident response professionals.

Leverages technical knowledge of computer systems and networks with cyber threat information to assess the client's security posture.

Conducts intelligence analysis to assess intrusion signatures, tactics, techniques, and procedures associated with preparation for and execution of cyber-attacks.

Researches hackers, hacker techniques, vulnerabilities, and exploits, and provides detailed briefings and intelligence reports to leadership.

Coordinates with the Cyber Security and Operations teams to build dashboards and queries to assist with threat detection and incident response.

Participates in developing security-focused content for Splunk implementations across multiple network classifications on Department of Defense (DoD) networks

Assists with designing log management and data ingest solutions while ensuring efficiency and scalability

Supports the development of automation and scripting directly supporting data/threat analysis

Implements and manages Splunk add-ons to enhance capabilities to include advanced threat detection and machine learning

Supports the A&A authorization of the Splunk environment

Monitors system recovery processes to ensure security features and functions are properly restored and functioning correctly following outages

Supports implementation efforts for response/actions addressing operational and communication orders from governing organizations

Provides expert analysis of logs/alerts/records to prevent or detect anomalies or adverse events

Supports the Government in the enforcement of suspected malicious activity

Participates in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes

Works on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment

Guides and advises government customer with Splunk best practice solutions and configurations

Supports a growing Cybersecurity team with occasional training evolutions

Supports RMF compliance requirements by analyzing processes and recommending solutions

Communicates well, both written and verbally

Qualifications:

Active Secret clearance; TS/SCI is highly preferred

DoD 8570 (IAT II Level) certification

Position requires on-site support at Quantico, VA with telework flexibility at customer’s discretion

High School with 10+ years (or commensurate experience)

Required Skills and Experience:

5+ years of managing Splunk and SIEM systems

2+ years of security engineering experience working with DoD IT systems and solutions

1+ years of experience with application and OS logging

Experienced with Splunk Enterprise operations to include

Configuration and system tuning

Alert and report creation

Deployment scaling

User Based Analytics implementation and review

Preferred Skills and Experience

Active Splunk certification highly preferred (Architect/Developer level)

Familiar with Splunk Enterprise operations to include

Overall enterprise deployment and implementation

Endpoint troubleshooting

Splunk account management

Deployment scaling

DoD STIG dashboard creation

ATO of Splunk systems in DoD packages
