Cybersecurity Engineer - Splunk (some telework available)
Prince William, VA
GovCIO
Please explore other opportunities in Prince William, VA by clicking here.
Cybersecurity Engineer - Splunk (some telework available)
Company Overview
GovCIO is a team of transformers--people who are passionate about transforming government I.
T. We believe in making a difference by developing digital strategies and delivering the technology-related innovation governmental operations that improve the citizen experience every day.
But we can't do it alone. We welcome and nurture an inclusive and diversified work culture. Because different backgrounds, experiences, abilities, and perspectives make us better decision-makers, problem solvers, and creators. We're changing the face of I.
T. - from our diverse staff to the end-products we develop. And we're excited to expand our team. Are you ready to be a transformer?
Responsibilities
Correlates threat data from various sources to establish the identity and modus operandi of hackers active in client's networks and posing a potential threat. Provides the customer with assessments and reports facilitating situational awareness and understanding of current cyber threats and adversaries.
Develops cyber threat profiles based on geographic region, country, group, or individual actors. Produces cyber threat assessments based on entity threat analysis. May provide computer forensic and intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments.
Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
Collaborates with intrusion analysts to identify, report on, and coordinate remediation of cyberthreats to the client.
Provides timely and actionable sanitized intelligence to cyber incident response professionals.
Leverages technical knowledge of computer systems and networks with cyber threat information to assess the client's security posture.
Conducts intelligence analysis to assess intrusion signatures, tactics, techniques, and procedures associated with preparation for and execution of cyber-attacks.
Research hackers, hacker techniques, vulnerabilities, exploits, and provides detailed briefings and intelligence reports to leadership.
Coordinates with the Cyber Security and Operations teams to build dashboards and queries to assist with threat detection and incident response.
Participates in developing security-focused content for Splunk implementations across multiple network classifications on Department of Defense (Do
D) networks
Assists with designing log management and data ingest solutions while ensure efficiency and scalability
Supports the development of automation and scripting directly supporting data/threat analysis
Implements and manages Splunk add-ons to enhance capabilities to include advanced threat detection and machine learning
Supports the A&A authorization of the Splunk environment
Monitors system recovery processes to ensure security features and functions are properly restored and functioning correctly following outages
Supports implementation efforts for response/actions addressing operational and communication orders from governing organizations
Provides expert analysis of logs/alerts/records to prevent or detect anomalies or adverse events
Supports the Government in the enforcement of suspected malicious activity
Participates in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes
Works on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment
Guides and advises government customer with Splunk best practice solutions and configurations
Supports a growing Cybersecurity team with occasional training evolutions
Supports RMF compliance requirements by analyzing processes and recommending solutions
Communicates well, both written and verbally
Qualifications:
Active Secret clearance:
TS/SCI is highly preferred
Do
D 8570 (IAT II Level) certification
Position requires on-site support at Quantico, VA with telework flexibility at customer’s discretion
High School with 10+ years (or commensurate experience)
Required Skills and Experience:
5+ years of managing Spunk and SIEM systems
2+years of security engineering experience working with Do
D IT systems and solutions
1+ years of experience with application and OS logging
Experienced with Splunk Enterprise operations to include
Configuration and system tuning
Alert and report creation
Deployment scaling
User Based Analytics implementation and review
Preferred Skills and Experience
Active Splunk certificationhighly preferred(Architect/Developer level)
Familiar with Splunk Enterprise operations to include
Overall enterprise deployment and implementation
Endpoint troubleshooting
Splunk account management
Deployment scaling
Do
D STIG dashboard creation
ATO of Splunk systems in Do
D packages
#cjpost