Senior Splunk Detection Engineer

Arlington, Virginia

XOR Security is looking for a Senior Splunk Detection Engineer to perform the following duties:

  • Play an integral role in assessing and establishing a framework for Security Audit (Continuous) Monitoring Operations in a 24x7x365 environment comprised of High Value Assets (HVAs)
  • Leveraging MITRE ATT&CK framework and best practices, develop detection and alerting content from various sources including system level logs, security events in platforms such as Splunk, Palantir, and priority data analytic platforms.  
  • Escalate and report potential user-related incidents by creating and updating incident cases and tickets.
  • Support and lead incident response and investigation activities on potential security threats (external and internal).
  • Perform risk assessment analysis for Privilege Access Management (PAM) for elevated, global, privileged users and users with access to sensitive data sources
  • Provide monitoring of Identity Access Management (IAM) capabilities to assess the repository of user identity data, automated fulfillment of resource provisioning and de-provisioning workflows, and a request/ approval mechanism to facilitate user self-service for application/ resource access.
  • Establish monitoring operations of full logging and auditing capabilities from IAM and PAM capabilities
  • Create deliverables in support of monitoring and analysis activities to include daily summary reports
  • Review deliverables created by the User Activity Monitoring and Security Audit Monitoring teams leveraging a deep understanding of security and privacy principles and solutions.
  • Confirm the accuracy of anomalous activity and incident management statistics.
  • Document HVA Incident risk mitigation strategies and alternative solutions for security and Counter-Insider Threat (CINT) risk areas.
  • Support resolution of identified defects through analyses, presentations and coordination meetings.
  • Establish and maintain an internal CINT risk register to track potential security and privacy weaknesses.
  • Provide continuous monitoring assessment and validation of Security Audit Monitoring operations where output is specified, developed and tested to meet and demonstrate compliance with security and CINT requirements.
  • Work with the existing Cybersecurity Operations team, and/or any other pertinent parties (to include external vendors) at any location to recover from any incident. Work shall be done in coordination with external service providers, system owners, system administrators, and Information System Security Officers (ISSOs)
  • Maintain a set of Government furnished portable vulnerability assessment, digital media analysis, and malware analysis tools to support deployment missions, to be used for critical incident response efforts and in response to high priority initiatives determined by leadership. Deliverables for Incident Assessment and Response Support include an Incident Assessment and Response Report.

Required qualifications

  • Minimum 2 years of experience as a cybersecurity analyst
  • Minimum Associates Degree
  • Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
  • Experience identifying insider threats
  • Experience assessing and monitoring Privilege Access Management (PAM) and Identify Access Management (IAM) platforms
  • Prior experience and ability to with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
  • Previous hands-on experience with a Security Information and Event Monitoring (SIEM) platforms and/or log management systems that perform log collection, analysis, correlation, and alerting is required (preferably within Splunk).
  • Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
  • Strong logical/critical thinking abilities, especially analyzing security events from host and network event sources (e.g., windows event logs, AV, EDR, network traffic, IDS events for malicious intent).
  • Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings.
  • A working knowledge of the various operating systems and platforms (e.g., Windows, OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
  • Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.

Desired qualifications

  • Candidates with active IRS Moderate-Risk Background Investigation (MBI) clearances are strongly desired
  • Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
  • One or more of the following certifications:  GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, Security+, Network+, CEH.
  • An understanding in researching Emerging Threats and recommending monitoring content within security tools.
  • Familiar with DHS CISA’s Security Architecture Review (SAR) process
  • Experience with performing assessments on High Value Assets (HVAs)
  • Experience with one or more of the following technologies and specific tools: Splunk (including Core, Phantom and ES), Vanguard, Qualys, z/OS, Palantir, CyberArk

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.

 

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Active Directory Audits CEH CHFI CISA Clearance Compliance Computer Science Cyberark DNS ECSA EDR GCED GCFA GCFE GCIA GCIH GCTI GNFA IAM IDS Incident response Linux Mainframe Malware MITRE ATT&CK Monitoring Privacy Qualys Risk assessment Security Assessment Report SIEM SMTP Solaris Splunk SQL Windows

Perks/benefits: 401(k) matching Health care Team events

Region: North America
Country: United States
Job stats:  4  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.