Splunk Security Engineer jobs in United States

TekSynap · 5 months ago

Splunk Security Engineer

TekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive, well-planned information management environment. We are seeking a Splunk Security Engineer to join our team supporting the Nuclear Regulatory Commission in Rockville, MD, where the main responsibilities include administering the Splunk log management system and ensuring the security systems are effectively sending logs for analysis.

Computer, Information Services, Information Technology
Growth Opportunities
No H1B
U.S. Citizen Only

Responsibilities

Administer the Splunk based log management system and analyze the current logging capabilities
Ensure the Agency Information Security systems administered by the Team are sending all required logs to the log management system
Maintain the Log Management and Security Information and Event Management system to collect and aggregate IDS/IPS data from network sensors, raw data from collection agents, firewalls (including but not limited to Layer 7 Application Firewalls), proxy servers, DLP, antivirus/endpoint protection software, and vulnerability scanner elements
Tune the SIEM and IDS/Intrusion Prevention System (IPS) events to minimize false positives
Enroll NRC network and systems information into the SIEM tool, using information from the Vulnerability and Compliance Scanning System (VCSS) and input from ISSOs, and perform asset categorization and prioritization
Tune the capabilities as practicable to improve efficiency and ensure that reporting capabilities of the log management system are working properly
Validate that agency log retention requirements are configured properly within the agency’s log management system
Identify shortfalls in the current capability and identify systems that are not sending logs to the agency log management system
Recommend improvements to current processes
Provide technical guidance to administrators of other IT systems to ensure their logs are sent to the agency’s log management system
Configure agency’s log management system role-based access controls so that logs for specific systems can only be accessed by designated administrators

Qualification

Splunk, SIEM, Log Management, Linux Administration, Log Forwarder Configuration, Documentation Skills, Capacity Planning, Scripting, Technical Guidance, Collaboration

Required

Bachelor's degree and a minimum of 10 years of relevant experience with Security Information and Event Management
Experience in architecture, design, support, maintenance, and expansion of an enterprise log management/SIEM infrastructure in a highly resilient configuration
Experience in monitoring an enterprise log management/SIEM server and agent infrastructure for capacity planning and system optimization
Experience in deployment, configuration and maintenance of log forwarder agents across a variety of UNIX and Windows platforms
Experience in collaboration with a variety of IT stakeholders in design and maintenance of production-quality log management/SIEM reports and dashboards to support data analysis and visualization
Experience in creation and maintenance of documentation related to log management/SIEM infrastructure configuration and operational processes
Advanced system administration skills with Linux operating systems
5+ years of experience with Splunk
Must successfully pass a drug screening
Must be able to successfully obtain a Public Trust
Telework (must be local to the DC, Maryland, Virginia area)
Must be a U.S. Citizen
Must be able to obtain Public Trust

Preferred

Experience with Cribl
Experience creating Identity models in SIEM
Experience with Splunk SOAR and UBA tools
Knowledge of regular expressions, scripting and application development languages (e.g., Python, Perl, JavaScript, Linux shell scripting)

Benefits

Health
Dental
Vision
401K
Life insurance
Short-term and long-term disability plans
Vacation time
Holidays

Company

TekSynap

TekSynap is a well-planned information management environment that offers to meet the business needs of Local Government customers.

Funding

Current Stage
Late Stage

Leadership Team

Kamran Jinnah
CEO
Lucas Narel
Chief Financial Officer
Company data provided by crunchbase