Job Description

Job Description

Job Description

We are looking for an experienced SOC Splunk Engineer to join our team in Washington D.C. 20220. This role focuses on designing, implementing, and maintaining robust security systems to safeguard sensitive data and ensure compliance with organizational standards. As this is a long-term contract position, you will have the opportunity to contribute to strategic security initiatives while collaborating with cross-functional teams.

Key Responsibilities:

• Administer  Splunk Enterprise Security (ES)infrastructure, including data source configuration, troubleshooting, and optimization.
• Create dashboards, notable events, visualizations, and actionable content using  SPL to aid in security investigation and monitoring.
• Perform deep-dive investigations on security events, leveraging your expertise in  network traffic analysis ,  endpoint threat detection , and  SIEM operations .
• Analyze and discern security incidents from false positive events, triaging and responding to cyberattacks with effective countermeasures.
• Collaborate with security teams to develop custom detection use cases, rules, filters, and security content to identify anomalous patterns and emerging threats.
• Onboard and curate new data sources for Splunk, including troubleshooting to ensure proper data ingestion and alignment.
• Utilize  intrusion detection systems (IDS)and other SOC tools to monitor, detect, and respond to threats.
• Research and integrate monitoring content for emerging threats, driving improvements in security operations.
• Support enterprise environments, with hands-on experience troubleshooting event issues and ensuring data availability across tools and workflows.

Required Qualifications:

• 2-5 years of experience in network defense environments.
• Splunk Admin Certification.
• Proficiency in  Splunk Administration and  Enterprise Security (ES) , including managing and analyzing data sources and creating content like dashboards and notables.
• Strong analytical and technical expertise in  computer network defense operations , including  incident handling ,  hunting , and  malware analysis .
• Proven ability to identify, triage, and respond to security incidents, including constructing countermeasures.
• Hands-on experience with common SOC tools, such as IDS, security event management platforms, and endpoint detection tools.
• Knowledge of network routing protocols (e.g., TCP, UDP, ICMP, BGP, etc.) and common enterprise applications and standards (e.g., SMTP, DNS, DHCP, etc.).
• Working knowledge of  Windows Active Directory , Linux, and OS X operating systems in enterprise environments.
• Strong communication skills and ability to document, track, and communicate activities within SOC workflows.
• Experience identifying and implementing mitigating controls for potential threats.

Desired Qualifications:

• Proficiency in researching  emerging threats and developing corresponding security monitoring content.
• Familiarity with security tools such as  FireEye ,  Palo Alto , and the  full Microsoft O365 suite (Compliance Center) .
• Relevant certifications such as  Security+ ,  CySA+ ,  GCIA , or  GCIH .
• Experience with  scripting or automation to improve security operations.
• Familiarity with  cloud security monitoring in environments like  AWS or  Azure .

Education:

• Bachelor’s degree (preferred) in Computer Science, Cybersecurity, or related disciplines, or equivalent work experience.

Job Tags

Similar Jobs