
SOC Splunk Engineer

Company:
Robert Half
Location:
Washington, DC, 20220
Pay:
55USD - 60USD per hour
Posted:
May 15, 2025

Description:

Job Description

We are looking for an experienced SOC Splunk Engineer to join our team in Washington D.C. 20220. This role focuses on designing, implementing, and maintaining robust security systems to safeguard sensitive data and ensure compliance with organizational standards. As this is a long-term contract position, you will have the opportunity to contribute to strategic security initiatives while collaborating with cross-functional teams.

Key Responsibilities:

Administer Splunk Enterprise Security (ES) infrastructure, including data source configuration, troubleshooting, and optimization.

Create dashboards, notable events, visualizations, and actionable content using SPL to aid in security investigation and monitoring.

Perform deep-dive investigations on security events, leveraging your expertise in network traffic analysis, endpoint threat detection, and SIEM operations.

Distinguish genuine security incidents from false-positive events, triaging and responding to attacks with effective countermeasures.

Collaborate with security teams to develop custom detection use cases, rules, filters, and security content to identify anomalous patterns and emerging threats.

Onboard and curate new data sources for Splunk, including troubleshooting to ensure proper data ingestion and alignment.

Utilize intrusion detection systems (IDS) and other SOC tools to monitor, detect, and respond to threats.

Research and integrate monitoring content for emerging threats, driving improvements in security operations.

Support enterprise environments, troubleshooting event-pipeline issues hands-on and ensuring data availability across tools and workflows.
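The detection-content responsibilities above (custom use cases, notable events, separating incidents from false positives) are, in practice, the logic of a correlation search. The following is an added illustration, not code from the posting or from Robert Half: a Python emulation of a "repeated failures followed by a success from the same source" correlation, run over constructed authentication events in a key=value layout. The field names (action, user, src, dest), the threshold of 5 failures and the 10-minute window are assumptions chosen for the example; in Splunk ES the same logic would live in a scheduled correlation search that raises a notable event.

```python
# Added example, not from the job posting: emulate a Splunk ES-style
# correlation search ("N failed logins from one source followed by a success")
# over constructed authentication events. Field names, threshold and window
# are assumptions made for this illustration.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (key=value style, similar to auth logs onboarded
# into a SIEM). Three sources: 10.1.2.3 sprays usernames and lands on "bob";
# 10.1.2.4 is a user mistyping a password twice; 10.1.2.5 fails five times but
# only succeeds 15 minutes later, outside the correlation window.
SAMPLE_EVENTS = """\
2025-05-15T10:00:01Z action=failure user=alice src=10.1.2.3 dest=dc01
2025-05-15T10:00:05Z action=failure user=bob src=10.1.2.3 dest=dc01
2025-05-15T10:00:09Z action=failure user=carol src=10.1.2.3 dest=dc01
2025-05-15T10:00:13Z action=failure user=dave src=10.1.2.3 dest=dc01
2025-05-15T10:00:17Z action=failure user=erin src=10.1.2.3 dest=dc01
2025-05-15T10:00:21Z action=failure user=frank src=10.1.2.3 dest=dc01
2025-05-15T10:00:30Z action=success user=bob src=10.1.2.3 dest=dc01
2025-05-15T10:05:00Z action=failure user=alice src=10.1.2.4 dest=dc01
2025-05-15T10:05:10Z action=failure user=alice src=10.1.2.4 dest=dc01
2025-05-15T10:05:20Z action=success user=alice src=10.1.2.4 dest=dc01
2025-05-15T10:10:00Z action=failure user=svc_backup src=10.1.2.5 dest=dc02
2025-05-15T10:10:10Z action=failure user=svc_backup src=10.1.2.5 dest=dc02
2025-05-15T10:10:20Z action=failure user=svc_backup src=10.1.2.5 dest=dc02
2025-05-15T10:10:30Z action=failure user=svc_backup src=10.1.2.5 dest=dc02
2025-05-15T10:10:40Z action=failure user=svc_backup src=10.1.2.5 dest=dc02
2025-05-15T10:25:00Z action=success user=svc_backup src=10.1.2.5 dest=dc02
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_events(text):
    """Parse one event per line: ISO-8601 timestamp followed by key=value pairs."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, _, rest = line.partition(" ")
        fields = dict(KV_RE.findall(rest))
        fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        events.append(fields)
    return events


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Return one notable per source that logged >= threshold failures within
    `window` immediately before a successful login from the same source.

    Grouping by src (not by user) is deliberate: a password spray rotates
    usernames, so a per-user count would never cross the threshold.
    """
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    notables = []
    for src, evs in by_src.items():
        failures = []  # timestamps of failures not yet consumed by a success
        for ev in evs:
            if ev["action"] == "failure":
                failures.append(ev["ts"])
            elif ev["action"] == "success":
                recent = [t for t in failures if ev["ts"] - t <= window]
                if len(recent) >= threshold:
                    notables.append({
                        "src": src,
                        "user": ev["user"],
                        "dest": ev["dest"],
                        "failures": len(recent),
                        "first_failure": min(recent),
                        "success_at": ev["ts"],
                    })
                # Clear the streak so one burst yields one notable, not one
                # per subsequent success (a common source of duplicate alerts).
                failures = []
    return notables


if __name__ == "__main__":
    for n in brute_force_then_success(parse_events(SAMPLE_EVENTS)):
        print(f"NOTABLE src={n['src']} user={n['user']} dest={n['dest']} "
              f"failures={n['failures']} success_at={n['success_at'].isoformat()}")
```

Run stand-alone, the block reports a single notable for 10.1.2.3 and stays quiet on the mistyped password and on the service account whose success falls outside the window. The same two tuning knobs (threshold and window) are what separate a useful correlation search from an alert flood, and the lookup of known scanners or service accounts that a production version would add is exactly the "filters" the responsibilities above refer to.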

Required Qualifications:

2-5 years of experience in network defense environments.

Splunk Admin Certification.

Proficiency in Splunk Administration and Enterprise Security (ES), including managing and analyzing data sources and creating content like dashboards and notables.

Strong analytical and technical expertise in computer network defense operations, including incident handling, hunting, and malware analysis.

Proven ability to identify, triage, and respond to security incidents, including constructing countermeasures.

Hands-on experience with common SOC tools, such as IDS, security event management platforms, and endpoint detection tools.

Knowledge of core network, transport, and routing protocols (e.g., TCP, UDP, ICMP, BGP) and common enterprise application protocols and standards (e.g., SMTP, DNS, HTTP, DHCP).

Working knowledge of Windows Active Directory, Linux, and OS X operating systems in enterprise environments.

Strong communication skills and ability to document, track, and communicate activities within SOC workflows.

Experience identifying and implementing mitigating controls for potential threats.

Desired Qualifications:

Proficiency in researching emerging threats and developing corresponding security monitoring content.

Familiarity with security tooling such as FireEye and Palo Alto Networks products, and with the Microsoft 365 suite, including the Compliance Center.

Relevant certifications such as Security+, CySA+, GCIA, or GCIH.

Experience with scripting or automation to improve security operations.

Familiarity with cloud security monitoring in environments like AWS or Azure.

Education:

Bachelor’s degree (preferred) in Computer Science, Cybersecurity, or related disciplines, or equivalent work experience.
