- Hi,
- I am looking for Splunk Service Engineers. If you have experience in this field, are interested in this position and are looking for a new assignment, please review the following requirement and forward your Word-formatted resume along with your contact information. If you are no longer looking for a new project but know someone who can benefit from this position, please refer them.
- Title: Splunk Service Engineer
- Location: Falls Church, VA 22042
- Contract: 6+ Months
- Description:
- Job Responsibilities:
- Required skills:
- Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool
- Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models
- Work with the Splunk Architect/Admin to promote private KO to Global KO
- Assist and/or train the CISO Splunk Engineering team on Data Lifecycle Support
- Assist, train, and/or host workshops for CISO teams and analysts on Searching and Content Development
- Develop and implement automation to improve efficiency of CISO workflows using Splunk
- Assist in development of advanced security use cases in Splunk
- Develop risk rules and risk incident rules to correlate and alert to significant cyber events.
- Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression.
- Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted)
- Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting
- Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.
- Understanding of network protocols, operating systems, applications, and device event telemetry
- Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills.
- Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc.) and endpoint defense tools (EDR, anti-malware) a plus
- Experience with SaaS- or cloud-hosted Splunk implementations a plus.
- EXPERIENCE LEVEL:
- Extensive experience (7+ years) in information security operations and/or related IT operational functions
- EDUCATION:
- Must possess a minimum of a Bachelor's Degree in Computer Science, Information Technology or Information Security (Master's Degree preferred).
- CERTIFICATIONS: (One or more required)
- CompTIA Security+
- CPTE – Certified Penetration Testing Engineer or CEH – Certified Ethical Hacker
- Certified Information Systems Security Professional (CISSP)
Share profiles to sree@ramsoft.net
Phone: 6088515173