Serves as a member of a Cyber Security Service Provider (CSSP) team as the Security Information and Event Management (SIEM) administrator in accordance with the provisions of DoD Directive 8570.01-M. The SIEM administrator will be responsible for ensuring that logs are collected from systems and devices across the architecture into Splunk for analysis. Assesses the impact of incidents and events on systems (critical, sensitive data) and provides direction to system and network administrators. Performs advanced analysis of log files, threat vector indicators, vulnerability analysis, external reports, and internal guidance to distinguish true positive events from false positives. Creates queries, dashboards, and visualizations to support customer requirements and monitoring of the Splunk deployment. Assists the incident response team in investigating alerts and identifies opportunities to automate and tune response activities. Provides recommendations to network and system administrators to ensure audit configurations are optimized to meet Cyber requirements. Coordinates with network administrators to tune IDS/IPS devices. Identifies and integrates internal and external data sources, performs analysis of data trends, creates queries, and maintains SIEM dashboards. Will be responsible for creating and maintaining documentation to support the RMF accreditation process.
US Top Secret security clearance (or Secret with SSBI) required. CASP certification required; CISSP certification preferred. Certification in Splunk or another SIEM solution desired.
5-7 years' experience managing and working with Splunk and/or Security Onion preferred.
Knowledge of network security zones, firewalls, and IDS. Knowledge of log formats for syslog, HTTP logs, and DB logs. Knowledge of Linux and Windows platforms and their logging characteristics.
- Candidate must be able to meet German TESA requirements.
- Candidate must possess DoD 8570 IAT Level II certification on Day 1.
- Candidate must obtain ITIL Foundation certification within 90 days of hire.
TESA requirements:
- A bachelor's degree plus 3 years of recent specialized experience, OR
- An associate's degree plus 7 years of recent specialized experience, OR
- A major certification plus 7 years of recent specialized experience, OR
- 11 years of recent specialized experience.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.