Security - SOC Engineer

Full Time
Arlington, VA 22209
Job description
SOC Engineer
Arlington, VA

MUST:
Active Secret clearance with the ability to obtain a Top-Secret clearance is required
Experienced Splunk Security Engineer
10+ years of relevant technical experience
5+ years of related systems engineering experience - primarily in a government environment, dealing with business critical, high availability systems
4+ years of experience querying and manipulating data
2+ years of experience with SPL and knowledge of data types, conditions, and regular expressions
2+ years of Splunk Application Administration experience
Experience with implementing and operating Splunk or other big data platforms
Experience configuring and utilizing monitoring/logging and security analysis solutions
Understanding of system, network, and application security threats and vulnerabilities with the ability to establish monitoring solutions
Experience creating advanced Splunk dashboards
Able to perform direct and advisory roles in the oversight, planning, and implementation of projects and initiatives
Ability to identify different tactics and techniques of attacks
Strong log analysis skills
Strong knowledge of data analysis - experience implementing and monitoring security controls
Strong ability to identify logging and monitoring requirements
Understanding of TCP/IP and UDP protocols, network ports/protocols, and traffic flow
Understanding of Boolean logic and event correlation
Solid communication skills, both written and verbal. Able to create, discuss, and explain technical documentation
Certified Splunk Power User or higher is required
Security+ CE or other 8570 IAT Level II certification is required
Bachelor's degree is required; additional years of experience may be accepted in lieu of degree

DUTIES:
Responsible for utilizing tools such as SPLUNK to enhance monitoring capabilities and perform monitoring duties as well as expanding on the security posture of the current environment
Supports Security Operations by threat hunting and security monitoring
Builds out processes and procedures to include documenting work in SOPs
Coordinates with internal and external teams to address threats and risks via investigation and forensic analysis
Develop custom dashboards, data models, reports, alerts, and performance optimization for Splunk
Develop complex queries using Splunk Query Language for use in advanced dashboards and alerts to promote advanced searching, forensics, and analytics
Recognize and on-board new data sources into Splunk, analyze the data for anomalies and trends, and build dashboards highlighting the key trends of the data
Develop and document configuration standards, policies, and procedures for operating, managing, and ensuring the security of system infrastructure
Participate in incident, problem, and change management processes
Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support Incident Response Teams (IRTs)
Develop documentation on new or existing systems
Provide system/equipment/specialized training and technical guidance
Advise management and team members of risks associated with technologies and implementation approaches and identify methods of risk mitigation
Support problem resolution and identify process improvements. Interface as needed at multiple levels of management, providing information in technical areas
Communicate with customers and teammates clearly and concisely.
Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
Notify designated managers, cyber incident responders, and cyber security service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan
Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system (IDS) logs) to identify possible threats to network security

*Quadrant, Inc. is an equal opportunity and affirmative action employer. Quadrant is committed to administering all employment and personnel actions on the basis of merit and free of discrimination based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or status as an individual with a disability. Consistent with this commitment, we are dedicated to the employment and advancement of qualified minorities, women, individuals with disabilities, protected veterans, persons of all ethnic backgrounds and religions according to their abilities.
