Cyber Splunk Engineer

We are GDIT. We support and secure some of the most complex government, defense, and intelligence projects across the country. We are looking to hire a Cyber Splunk Engineer that can enhance our security team.

Provide expertise in scripting/programming to maintain our Cyber operation systems. This is primarily a Linux environment that the systems run on top of.  We need to support the various Cyber Security tools, applications and network and endpoint hardware we support. Builds, designs, tests, and deploys perimeter, cloud security systems to support firewalls, proxy devices and other security systems.

Will administer the core Cyber Security applications that we support such as Syslog and log systems, Splunk, Radius and various other security and system tools. Splunk Enterprise and Splunk Enterprise Security being our major tool and focus of this position. Using Splunk Enterprise and Splunk Enterprise Security. Will interface with fellow Cyber and Firewall engineers to gather additional requirements and details to help support the mission of protecting our federal customers environment. Manage vendor ticket, information gathering, and troubleshooting in the event of a platform issue.  This would cover network application issues, providing root cause determination and recommend resolution options.

Supports the planning, documents, and implements hardware and software refresh and upgrade of Cyber Security Systems. Supports periodic firewall rule set review and auditing for standards and use software.  Attends weekly teleconferences, onsite meetings, and participates in working groups, as related to constant changing security environment.

Attends weekly teleconferences, onsite meetings, and participates in working groups, as related to constant changing security environment.

Required Education/Experience:

• Bachelor degree in a computer science/computer engineering related discipline or 10 years of work experience.
• 5 of these years is maintaining linux systems with use of programming and scripting using Perl, Bash, and Python and other advanced languages
• 3 of these years in a Cyber Security environment in support of SIEM and or NOC
• 2 of these supporting IT systems at the enterprise level crossing between Cloud and On Premise environments
• Excellent Linux user and admin skills demonstrating competency to maintain our Cyber Security systems.
• Expert in scripting/programming in a Linux environment to support the various Cyber Security tools and applications required. This would include use of Shell scripting, Perl, Python 3 or above,  Ruby that demonstrates the writing of your own projects and modules.
• Good knowledge of Javascript, Powershell, and/or Visual Basic
• Demonstrate the use of regular expressions
• Knowledge of HTML and web scripting.
• Experience with Syslog-NG and Squid proxy.
• Experience with vulnerability management and remediation.
• Good troubleshooting skills.
• Strong Linux foundation with perl, python and bash programming experience.
• Great organizational skills
• Good to excellent technical writing ability
• Knowledge, understanding, and ideally experience with certificate generation and ideally operation of a Certificate Authority.
• Excellent Excel skills. This is to help with reporting and to perform log analysis.
• Good to excellent technical writing ability (use of language, use of Microsoft Word.).
• Use of collaboration tools (Teams, Confluence, JIRA)

Citizenship: U.S.

Clearance: TS and or DOE Q

Certifications:

One of the following required - Splunk Enterprise Certified Administrator, Splunk Enterprise Security Certified Admin, or Cribl Certified

Desired Experience/Skills/Attributes:

• TCP/IP networking and advanced network concepts
• Proficiency with TCP-IP and IPv4; IPv6 desired
• Load Balancers
• Firewall Experience/Knowledge supporting the configuration and maintenance of Firewall/DMZ infrastructure including Network and Application Firewall Packet Filtering technologies.
• Packet Capture and log analysis experience
• Core IT technologies
• Cloud Environment Knowledge and Admin Experience
• Knowledgeable of RFCs (Requests For Comment). 
• Experienced with network monitoring devices such as HP Openview, Nagios, Zenoss, NeuralStar or other similar monitoring tools.
• Azure, AWS experience is helpful.  
• Experience with SSL and SAML certificates.  
• CISSP, CCNP Security, PCNSE, Network+, Security+, CEH, ITIL (r) Foundation certification, AWS Security, AWS Advanced Networking, Linux scripting and programming in Python and or Pearl greatly desired.