Splunk Detection Engineer
XOR Security is currently seeking a talented Splunk Detection Engineer to support a Cyber Security Operation Center of a commercial customer in Vienna, VA.
We are seeking the right candidates who can develop custom detection content (correlation rules) identify threat activity. This includes developing notable events, visualizations, forms, reports, alerts, as well as Splunk Apps, Technology Add-ons, and normalize data sources to the Common Information Model. The candidate will provide optimization of data flow using aggregation, filters, etc. The following include typical duties:
- Work with different cyber teams (24X7 SOC Analysts, Cyber Intel, Insider Threat and Cyber Hunt) to develop monitoring and data requirements
- Alert use case development
- Upgrade Splunk apps required by Splunk ES upgrades
- Splunk Enterprise Security administration and management
- Configure notable event actions, action menus and Adaptive Responses
- Data onboarding and data ingestion normalization recommendations
- Minimum 3 years of experience with Splunk operations and maintenance including 2 or more years of Splunk ES administration
- Minimum of 2 years’ experience in system integration including the design, development, enhancement of cyber systems
- Must have demonstrated ability to build and implement event correlation rules, logic, and content in the security information and event management system with specific experience in the Splunk platform
- Must possess strong written and verbal communication skills and must be capable of the understanding, documenting, communicating and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise
- The candidate must be comfortable editing and maintaining Splunk configuration files and apps managed in version control systems.
- Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well established network behavior, known false positives and/or known errors
- Must have experience maintaining an event schema with customized security severity criteria
- Must possess a thorough and in-depth understanding of SEIM technologies and event collection mechanisms in the Windows, Linux operating environments, network and security devices
- Demonstrated experience with Extraction, Transformation, and Loading of data including skills in SPL and Regex
- Experience and be comfortable with recognizing and onboarding new data types, and managing distributed data source inputs into Splunk, analyzing the data for anomalies and trends, and building dashboards, reports, and alerts both independently and built from customer requirements.
- Comfortable operating via the linux command line interface
- Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
- Experience maintaining an event schema with customized security severity criteria
- Experience with a cloud-based Splunk deloyment
- Experience planning, data collection, and sizing for a distributed deployment and is able to manage and troubleshoot distributed deployments with multiple, multi-site indexer clusters and search head clusters.
- Experience supporting a Security Operation Center’s Splunk deployment
- Experience as a Security Engineer and/or Security Analyst for a Security Operation Center
- Knowledge of event sources Azure, Office365, Stealthwatch, FireEye, Windows Servers, Linux Servers, Checkpoint Firewalls, Etc.
- Ability to script in one more of the following computer languages Python, Bash, Visual Basic or Powershell
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement - Applicants selected must meet background investigation eligibility requirements - US CITIZENSHIP required.