Splunk/Python Integration Engineer
999 REMOTE
Full Time Senior-level / Expert USD 74K - 156K
CACI International Inc
What You’ll Get to Do
CACI is seeking a Splunk/Python Integration Engineer to support cybersecurity data collection, analysis, and mitigation. The work will include support for cybersecurity-related projects that encompass automated event identification and incident response, cybersecurity implementation into a Splunk data-lake, analysis of data derived from cybersecurity tools and use of the results of that analysis to develop enhanced and automated queries, and preparation of presentation materials for Government managers. The engineer will also work with the Integration Layer Architecture to develop an approach for expanding the scope of the existing data integration layer to accommodate data from an expanded set of data sources and data fields, as a part of a future solution deployment.
This position will support the Continuous Diagnostics and Mitigation (CDM) Program’s mission to safeguard and secure cyberspace in an environment where the threat of cyber-attack is continuously growing and evolving and is responsible for enhancing the security, resilience, and reliability of the Nation’s cyber and communications infrastructure. The CDM Program defends the United States (U.S.) Federal Information Technology (IT) networks from cybersecurity threats by providing continuous monitoring sensors (tools), diagnosis, mitigation tools, and associated services to strengthen the security posture of Government networks.
More About the Role
- Engineer, implement and monitor Splunk security measures for the protection of computer systems, networks, and information
- Identify and define system data collection requirements
- Design computer security architecture and develop detailed cyber security designs using Splunk or other similar tools with breakthrough technology solutions
- Create Python scripts to query data sets and integrate the data into dashboard solutions
- Prepare and document standard operating procedures and protocols for all designed and developed solutions to ensure detailed project documentation
- Develop technical solutions and investigate new security tools to help mitigate security vulnerabilities and automate repeatable reports using Splunk data-lake or other similar tools
- Develop query mechanisms using Splunk within hours of receiving a data request
- Deploy Splunk into virtual and cloud environments (AWS and Azure)
You’ll Bring These Qualifications
- US Citizenship required
- There is no clearance requirement to begin employment. However, as a requirement of continued employment, you must meet eligibility requirements for access to classified information and be clearable to a Department of Homeland Security (DHS) Entrance on Duty (EOD) authorization.
- Proven work experience as a Splunk system security architect with a Splunk Enterprise Certified Architect certification
- Extensive experience with ELT and data integration from multiple disparate data sources and data formats.
- Demonstrated experience with Python programming with REST API based application development experience.
- Detailed technical knowledge of database and operating system security using Splunk attributes
- Hands on experience with Splunk collecting cybersecurity data metrics from firewalls, intrusion detection systems, anti-virus software, vulnerability scanners, authentication systems, log management, content filtering, etc.
- Knowledge of the implementation of attribute-based access control (ABAC) and role-based access control (RBAC) triggers for Splunk
- Understanding and experience working with high availability systems and proper protection of HA systems when pulling data
- Experience with network security and networking technologies and with system, security, and network monitoring tools
- Thorough understanding of the latest security principles, techniques, and protocols
- Demonstrated experience with continuous integration and software CM processes / tools (GIT, JIRA, Confluence, Puppet, Ansible)
- Intermediate experience with shell scripting and Unix environments.
- Intermediate knowledge of network design
- Intermediate hands-on experience with Cribl or Kafka
- Independently analyze problems and implement solutions.
- Problem solving skills and ability to work under pressure
- BS degree in Computer Science or related field
These Qualifications Would Be Nice to Have
- Any other cybersecurity certification such as Security+, CEH, or CISSP
- Any other relevant certification on tools used for large scale data integration and processing
- Knowledge / experience of Machine Learning
- Demonstrated experience developing and implementing software enhancements to mission systems in other Government agencies
- Demonstrated ability to learn new technologies as needed
- Demonstrated experience using Agile based software development methodologies
- Demonstrated experience developing innovative solutions
- Demonstrated experience using multiple technologies to develop enterprise systems
- Demonstrated experience with building DevOps pipelines for enterprise systems
- Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
- Applied hands-on knowledge of the use of Splunk with two or more of the following toolsets: Axonius, Forescout, McAfee ePO, RedHat Enterprise Linux (RHEL and RHEL KVM), ServiceNow, Tanium, VMWare, Windows Server, Tenable, CrowdStrike
- Knowledge of network design and network devices: Cisco, F5, Juniper, and Palo Alto with knowledge of applicable API integration
- Demonstrated experience working with open source software and teams on GitHub
What We Can Offer You:
- We’ve been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
- For over 60 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
Company Overview:
CACI is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.
Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.
Since this position can be worked in more than one location, the range shown is the national average for the position.
The proposed salary range for this position is:
$74,600-$156,700