Senior Security Engineer - Splunk
Information and data are some of the most important organizational assets in today's businesses. As a Security Consultant, you will be a key advisor for IBM's clients, analyzing business requirements to design and implement the security solutions best suited to their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
As a Senior Splunk Security Engineer, you will be responsible for leading the deployment and maintenance of the Splunk Security Information and Event Management (SIEM) solution within a 24x7x365 federal security operation. The Splunk Engineer will analyze our client's business requirements, systems, and networks and translate those specifications into a SIEM design that provides an efficient and effective SIEM solution within a federal cloud environment. The Senior Splunk Engineer will serve as the lead engineer for Splunk while providing mentorship and guidance to mid-level engineers.
Required Technical and Professional Expertise
• 5+ years of Splunk engineering / administration experience
• 3+ years of managing Splunk within a federal environment
• Deep understanding of enterprise environments, specifically cloud-based and hybrid cloud environments.
• Knowledge of security frameworks such as MITRE ATT&CK, OWASP, and NIST.
• Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and/or service requests.
• Strong written communication skills and the ability to articulate technical security analysis to a non-technical audience
• Understanding of possible attack activities such as network reconnaissance (probing / scanning), DDoS, malicious code activity, etc.
• Demonstrated expertise with the Splunk Machine Learning Toolkit (MLTK), Splunk Search Processing Language (SPL), and regular expressions
• Intermediate expertise with Red Hat Enterprise Linux (RHEL)
• 1+ years of experience leveraging Splunk or audit logs for incident response and user behavior analytics
• Programming experience is a plus
• Experience with security tool data, including network and host firewalls, Tenable, and Tanium
• CompTIA Security+ Certification
• CISSP Certification or an equivalent DoD 8570 certification
A DoD 8570/8140 certification is required, such as CASP+ CE, CCNP Security, CISA, CISSP, GCED, or GCIH.
Preferred Technical and Professional Expertise
Splunk Cloud design, management, implementation, and support.