Category: Cyber Security Consulting
City: Fairfax, Virginia, United States
Position ID: J0419-0510
Employment Type: Full Time
Must be open to working at client sites in Washington, DC.
CGI Federal has an exciting opportunity for a Splunk Engineer SME. You will enhance the cyber security posture of 26 civilian government agencies through improved visibility into user credential management. You will actively identify and mitigate a wide range of cyber risks and will also work closely with a wide variety of agencies, learning their mission, priorities, organization and unique challenges. This opportunity will support a dynamic, fast-paced and energetic project running 20+ concurrent implementations.
The Splunk Engineer SME will be supporting a strategic federal cyber security client.
- Primary mission of the project will be in implementing a proactive risk management solution to enhance the customer’s defense posture.
- Candidate will work with a highly skilled and experienced team focusing on next generation security solutions.
- Additionally, this individual will serve as a trusted advisor, technical leader and cyber security expert for the organization and drive future growth capabilities from existing engagements.
- This candidate will function as a security advisor and consultant for customers on people, policy, processes and technology issues surrounding security engagements while helping scope and design multi-vendor security solutions for large networks and supporting customers in their risk and threat mitigation solutions.
- Additionally, the Splunk Engineer SME will play a role in the development of additional cyber security offerings to support both emerging and next generation cyber security technologies.
Your future duties and responsibilities:
- Ability to work with a diverse team on security tools and applications, providing custom and tailored software changes as required in Splunk to monitor and detect cyber security threats in an environment for various clients within a large program.
- Experienced in working with other cyber security experts to develop use cases, data models and connectors within Splunk to meet overall program objectives.
- Act as the Splunk Search Language (SPL) expert in developing network or endpoint-based anomaly detection alerting logic in SPL and building dashboards to visualize results.
- Able to conduct research in security principles, host- and network-based security technologies, industrial control system devices, machine learning algorithms, and attack and mitigation methods.
- Experienced in the design, analysis, evaluation, installation, testing and debugging of Splunk.
- Day-to-day activities include working with customer teams and supporting current tasks and activities.
- Responsibilities include leading customer engineering teams.
- Work closely with customer delivery managers to prioritize daily tasks.
- Participate in technical meetings with customers’ technical specialists.
- Provide tier 3 support for incidents relating to Splunk infrastructure operations.
- Continuously improve customers’ Splunk deployments and integrate new technologies and services.
Required qualifications to be successful in this role:
- Due to the nature of the government contract requirements and/or clearance requirements, US citizenship is required
- Bachelor’s degree in Computer Science or a related field
- 5+ years of experience with Splunk, network security and system security supporting security event management tools, including SIEMs
- 2+ years of experience with rule and advanced logic creation in Splunk
- Thorough understanding and operational experience with Splunk Search Language
- Development of automated searches and applications using Python, shell scripting, HTML, CSS and regular expressions.
- Thorough understanding of Splunk’s Common Information Model (CIM)
- Understanding of Splunk’s advanced capabilities to include: Splunk Enterprise Security (ES), Splunk User Behavior Analytics (UBA), Splunk Machine Learning Toolkit, Splunk Cloud, Advanced Threat Analytics
- Experience in using scripting languages to automate tasks and manipulate data
- Knowledge of enterprise logging, with a focus on application logging
- Education and/or formal training may substitute for experience requirement
- Ability to develop and integrate solutions across diverse and heterogeneous IT environments.
- Experienced in providing technical integration advice that includes evaluating inputs, WMI issues, crash logs and alert scripts, with the ability to identify and correct vulnerability findings; experienced with Splunk migrations and implementations.
- Previous experience with expert knowledge of data normalization and data modeling specifically within the Splunk environment
- Articulate and convey advanced technical concepts in presentations and client meetings
- Development of documentation, architecture diagrams, and process and procedures for end users
- Ability to produce high quality technical documentation
- Excellent troubleshooting skills and strong technical learning aptitude required.
- At least 5 years of experience with a scripting language (Bash, Perl, Python)
- Expertise with Linux and command-line interface
- Experience working with security technologies to include end point security tools, boundary protection technologies, network security tools, and vulnerability management technologies.
- Knowledge of network technology and common internet protocols
- Experience deploying apps within Splunk or administrating the Splunk platform