CLIENT: Federal
Position: Security Engineer / Splunk Engineer
6-month contract
Washington, DC (Onsite)
Education: Bachelor’s degree in Cybersecurity or related field.
Required Skills:
• Five (5) to seven (7) years of hands-on experience with security monitoring tools such as IDS/IPS, FWs and NACs and protocols such as NetFlow (Snort, Bro, Palo Alto, Checkpoint, Cisco Client, FireEye, Gigamon).
• Experience working with cloud services such as AWS, Azure and O365 and cloud access security brokers.
• Experience in the use of network monitoring tools with a strong understanding of network protocols.
• Ability to perform security analysis, development and implementation of security policies, standards, and guidelines.
• Ability to quickly explore, examine and understand complex security problems and how they affect a customer's business.
• Experience with both the Linux and Windows operating systems.
Preferred Skills: Splunk Engineer experience.
Day-to-day Responsibilities:
• Development, deployment, or administration of Splunk.
• Onboard Splunk ES critical data sources - ingestion of critical data sources/data logs from the enterprise into the Security Information Event Management (SIEM) tool to meet the Splunk Enterprise Security (ES) implementation.
• Normalize Log Data to Common Information Model (CIM) as required by Splunk ES to meet the provided security use cases (Rules/Alerts).
• Create viewable Splunk dashboards to provide visibility into ingested log data.
• Create alerts that trigger/activate on configured settings to deploy or send a note, email, or attachments to a particular destination email address or group.
• Create security rules (alerts) that trigger on anomalous activities or threat detections.
• Splunk Support - Assist customers with any issues when ingestion of logs is not working properly or when there are communication issues with Splunk.
• Resolve Splunk infrastructure or system issues.
• Development, deployment, or administration of VMware, RSA NetWitness, Cisco StealthWatch or similar tools.
• Check virtual server availability, functionality, integrity, and efficiency.
• Manage virtual server resources including performance, capacity, availability, serviceability, and recoverability.
• Monitor and maintain virtual server configuration.
• Diagnose failed servers or connectivity problems.