Full-Time Splunk Engineer

About Zen: Own your opportunity to work with a client-focused growing agile small business. Make an impact by advancing our government organizations charged with keeping our country safe, prosperous, and secure.

Position Description: The Candidate shall assess, architect, implement, deploy, and operate solutions for capturing security relevant information (e.g. log data, Active Directory data), and analyzing it to identify markers, patterns, and anomalies that indicate intrusions, lateral movement, command and control, data exfiltration, or other security issues. The Contractor shall operate the USCIS Security Information and Event Management (SIEM) tool and work collaboratively with development and operational teams to set and implement standards for logging. The system currently in use is Splunk Enterprise.

Responsibilities:

1. Provide DevSecOps support for a multi-data center, multi-cloud, multi-region log management system, including user account and access management, server management, monitoring, and patching, Splunk data management, Splunk version upgrades, installation & maintenance of Splunk applications and add-ons.
2. Improve log coverage and quality, including:
• Reconciling records of log sources in Splunk with other asset management data to identify assets whose logs are not in Splunk.
• Establishing specific logging standards for commonly used software applications and monitoring compliance with the standard.
• Auditing log content and quality for custom developed USCIS applications.
• Automating the production of documentation of the log sources in each Splunk index.

Provide DevSecOps support to deploy visualization, analysis, analytics, and anomaly detection capabilities, evaluating, deploying, and operating visualization, security analysis, and anomaly detection capabilities. Operate, maintain and improve Exabeam Threat Hunter or other User Behavioral Analytics Solution. Implement machine learning to improve existing anomaly detection and analysis capabilities. Develop and deploy custom dashboards and visualizations or modify existing ones. Use Agile tools such as JIRA, Confluence and MS Teams to provide transparency and allow information to be visible in real time, create a unified backlog ensuring visibility into all areas of work and identifying inter-dependencies between teams.

Requirements:

• Bachelor’s in computer science
• Five years of experience in IT systems administration and two years of specialized experience in implementing enterprise security products and solutions.
• Two years of Linux systems administration experience.
• At least two years prior proficient experience operating a mid-size Splunk cluster or one year’s experience and Splunk certification or other comparable certifications or experience, which must be approved in advance by the Government Program Manager on a case-by-case basis.
• Superior technical aptitude, effective written and verbal communications skills.
• Experience with MS Office Suite, JIRA and Confluence & Familiarity with ITIL, DevSecOps and Agile concepts
• Familiarity with one or more of the following: Python, Cribl, Sumo Logic, GitHub, AWS, Azure, Google Cloud

Desired Certifications: Splunk Architect, Splunk Admin, Splunk Power User, Security +

Security Clearance Requirements: U.S. Citizen with the ability to obtain Public Trust and complete DHS Security Clearance, Ability to obtain DHS EOD suitability, Current DHS EOD highly preferred

What is the last date for applying to the job?

Which countries are accepted for this remote job?