Be an early applicantLess than 25 applicants

Company

Tier One Technologies, LLC · 10 hours ago

Splunk Cybersecurity Solutions Engineer/Architect (no C2C candidates please)

United States

Contract

Remote

Senior Level, Lead/Staff

10+ years exp

Maximize your interview chances

IT Services and IT Consulting

No H1B

U.S. Citizen Only

Security Clearance Required

Insider Connection @Tier One Technologies, LLC

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool.

Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models.

Work with the Splunk Architect/Admin to promote private KO to Global KO.

Assist, and/or train CISO Splunk Engineering team on Data Lifecycle Support.

Assist, train, and/or host workshops CISO teams and analysts on Searching and Content Development.

Develop and implement automation to improve efficiency of CISO workflows using Splunk.

Assist in development of advanced security use cases in Splunk.

Develop risk rules and risk incident rules to correlate and alert to significant cyber events.

Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression.

Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted).

Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting.

Work with numerous stakeholders to implement & maintain events logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.

Responsible for tuning and configuration of Splunk Core and Splunk Enterprise Security (ES) services, develop use cases with CISO end users to build content and assist in developing advanced security use cases.

Participate in requirements gathering, solutions architecting, design and build of technology solutions to support Continuous Monitoring Program. Assist, train, and host workshops for CISO teams.

Support off-hours and weekend efforts for incident investigations and systems maintenance.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

SplunkRisk-Based Alerting (RBA)TaniumMicrosoft DefenderSysmonMicrosoft O365 SecurityVDIVMwareLinux Audit loggingNetwork protocolsOperating systemsDevice event telemetryNetwork defense toolsEndpoint defense toolsSAAS Splunk implementationCollaboration skills

Required

Bachelor’s degree in Computer Science, Information Systems, or related field.

10+ years of IT related experience.

Expertise in implementing dynamic detections, integrating alerting platforms with, but no limited to, Tanium, SEP, Microsoft Defender for endpoint, Sysmon, Microsoft O365 Security alerting, Analyst1, VDI, VMware, Linux Audit logging in conjunction with the advanced Risk-Based Alerting (RBA) security framework.

Strong understanding of network protocols, operating systems, applications, and device event telemetry.

Familiarity with network defense tools (firewall, IPS/IDS, WAF/CDN, etc.), endpoint defense tools (EDR, anti-malware) a plus.

Solid communication and collaboration skills, both oral and written, with excellent interpersonal and organizational skills.

Must be a US Citizen or have permanent residence status (Green Card).

Must be able to obtain a Position of Public Trust Clearance.

Must be able to pass a drug screening, criminal history, and credit checks.

Must have lived in the United States for the past 5 years.

Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members).