Location: Rockville, MD (Up to 3 days onsite)
We are seeking an Information Security Senior Splunk Analyst who will be a key member of a consulting team providing advice, support, and reporting to federal agencies in the Incident Response and Risk Management areas of information security.
This role will be responsible for conducting incident handling tasks during different phases of Computer Security Incident Response (CSIR), and for engineering, implementing, and optimizing Splunk capabilities that support enterprise-wide cybersecurity monitoring, detection, automation and incident response.
The candidate should be able to design custom dashboards, support incident response and root cause analysis, and develop automation and integrations with DLP, ServiceNow events and other enterprise systems.
Key Responsibilities
- Monitor and analyze security events and alerts from SIEM, IDS/IPS, firewall logs, system logs (Windows, Linux, Unix), and databases
- Design, develop, and maintain custom Splunk dashboards
- Design and implement automation workflows integrating Splunk with ServiceNow
- Develop and optimize SPL queries, correlation searches, and detection use cases in Splunk ES
- Support incident response including log analysis, event correlation, and forensic investigation
- Identify true threats vs false positives and escalate incidents
- Conduct root cause analysis (RCA) and prepare reports
- Develop integrations using APIs, Python/PowerShell, and webhooks
- Ensure compliance with NIST SP 800-53, NIST SP 800-61, and CISA CDM
- Optimize Splunk performance, data ingestion, and scalability
- Provide support and guidance to SOC analysts
- Work with cross-functional teams
- Provide daily updates and reporting on incidents and projects
Basic Qualifications
- Strong teamwork and communication skills
- Experience with SIEM tools and intrusion detection/prevention systems
- Ability to analyze logs and identify security threats
- Ability to work in high-pressure situations
- Knowledge of MITRE ATT&CK, Cyber Kill Chain
- Experience in vulnerability analysis, intrusion analysis, or digital forensics
- Familiarity with Vulnerability Management (VM), A&A, RMF
- 2+ years of SOC/TOC/NOC experience
- Understanding of scripting/programming and database queries
- Bachelor’s degree in Information Security/Computer Science or 8+ years of experience
- Ability to work onsite in Rockville, MD
Technical Knowledge
- SIEM (Splunk)
- SSL/TLS Decryption
- Malware Detection, EDR
- Network monitoring and packet analysis
- Windows, Linux/Unix, Mac OS
- Email Security
- Data Loss Prevention (DLP)
- Microsoft Defender (MDE, MDAV)
Preferred Certifications
- GCIA, GCIH, GCFE
- CISSP
- Security+ / Network+
- CEH
- RHCA / RHCE
- MCSA / MCSE
Please send your resume to the email address below:
peter@vsiiusa.com