• Hi,
• I am looking for Splunk Service Engineers in you have experience in this field, are interested in this position and looking for a new assignment, please review the following requirement and forward your word formatted resume along with your contact information. If you are no longer looking for a new project, but know someone who can benefit from this position, please refer.
• Title: Splunk Service Engineer
• Location: Falls Church, VA 22042
• Contract: 6+ Months
• Description:
• Job Responsibilities:
• Required skills:
• Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool
• Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models
• Work with the Splunk Architect/Admin to promote private KO to Global KO
• Assist, and/or train CISO Splunk Engineering team on Data Lifecycle Support
• Assist, train, and/or host workshops CISO teams and analysts on Searching and Content Development
• Develop and implement automation to improve efficiency of CISO workflows using Splunk
• Assist in development of advanced security use cases in Splunk
• Develop risk rules and risk incident rules to correlate and alert to significant cyber events.
• Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression.
• Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted)
• Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting
• Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.
• Understanding of network protocols, operating systems, applications, and device event telemetry
• Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills.
• Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc), endpoint defense tools (EDR, anti-malware) a plus
• Experience with SAAS- or cloud-hosted Splunk implementation a plus.
• EXPERIENCE LEVEL:
• Extensive experience (7+ years) in information security operations and/or related IT operational functions
• EDUCATION:
• Must possess a minimum of a Bachelors Degree in Computer Science, Information Technology or Information Security (Masters Degree preferred).
• CERTIFICATIONS: (One or more required)
• -CompTIA Security +
• -CPTE – Certified Penetration Testing Engineer or CEH – Certified Ethical Hacker
• -Certified Information System Security Professional (CISSP)
share profiles to sree@ramsoft.net
Phone:6088515173