What are the responsibilities and job description for the SIEM/Splunk Information Engineer position at Softworld, Inc.?
Job Description
SIEM/Splunk Information Engineer
Our client is seeking a Security Information and Event Management (SIEM) candidate with Splunk/ArcSight/ElasticSearch experience for a position as part of a team supporting the Defense Information Security Agency (DISA) at Ft. Meade, Maryland. Current work is onsite 2-3 days per week, but the candidate would need to be able to support a 5-day-a-week schedule if mission needs dictate. The role offers the opportunity to work alongside Splunk SMEs and learn about moving from an on-premises solution to a cloud solution (AWS). This is a fantastic opportunity to grow skills while the migration is in the early stages.
Primary responsibilities will include, but are not limited to:
- Helps prepare, publish, and continuously maintain the on-site support requirements list deliverable; the software code and associated documentation deliverable; the cyber situational awareness tools, scripts, and analytics maintenance plan deliverable; and the analytics repository deliverable.
- Provides all on-site support to each cyber operational stakeholder team during regular business hours at the specified location. The on-site support shall function as the embedded Subject Matter Expert at their operational location for current and future UCSA tools.
- Applies business process improvement practices to reengineer methodologies/principles and business process modernization projects.
- Applies, as appropriate, activity and data modeling, transaction flow analysis, internal control and risk analysis and modern business methods and performance measurement techniques.
- Assists in establishing standards for information systems procedures. Develops and applies organization-wide information models for use in designing and building integrated, shared software and database management systems.
- Constructs sound, logical business improvement opportunities consistent with corporate Information Management guiding principles, cost savings, and open system architecture objectives.
- Analyzes and recommends resolution of security/IA problems on the basis of knowledge of the major IA products and services, an understanding of their limitations, and knowledge of the IA disciplines.
Requirements:
- BA/BS in a technical discipline with at least 8 years of experience; additional experience may be considered in lieu of a degree. The years-of-experience requirement can be waived for the right candidate.
- Qualified IA personnel IAW DoDD 8570 and DoDD 8140, minimum of IAT II.
- Demonstrated expertise in Federal Government Security Event Management is absolutely necessary.
- Ability to assimilate new technologies quickly using existing knowledge
- Experience in providing technical expertise on executive-level project teams and developing technical solutions to complex problems to support the customer's mission success.
- Must have experience troubleshooting, administering, and maintaining large Splunk / ArcSight / ElasticSearch solutions
- Active Top Secret Clearance Required
Preferred Qualifications
- Splunk Admin or Splunk Professional certified
- Experience/knowledge in statistical and analytical modeling
- Experience with DISA Network Enclaves
- Experience with such methodologies as IDEF 0 process modeling and IDEF 1x data modeling
- Experience architecting and implementing distributed search capabilities