Security Engineer (SPLUNK SME) w Active DoD Secret Clearance

Date Posted: 12-03-2018
Intermedia Group has an opening at one of its clients:

TITLE:  Security Engineer (SPLUNK SME) w Active DoD Secret Clearance

LOCATION: Arlington, VA
TYPE: Salaried Position with benefits

REQUIRED CERTIFICATIONS: DOD 8570 IAT II certified: Security+, SSCP, GSEC, GICSP, CCNA-Security, or CySA+ certification; IAT III certifications also qualify: CISA, CISSP, CASP CE, GCIH, or GCED

  • Serve as Splunk subject matter expert, responsible for engineering and maintenance of multiple clustered instances
  • Provide implementation of technology that supports network defense, vulnerability management, and incident response based on our client’s unique mission needs.
  • Implement and maintain security stack components, such as IDS/IPS, firewalls, SIEM, and host-based security systems.
  • Mature the existing Splunk instances to support robust incident detection and insider threat programs
  • Build system configuration baselines that leverage the Security Content Automation Protocol (SCAP) for both Windows and UNIX operating systems.
  • Engineer event log correlation solutions to support effective customer response to security incidents.
  • Conduct incident response actions based on detected events and incidents
  • Research and analyze new security products for technology insertion
  • Validate and develop cyber security requirements
  • Develop cyber security engineering solutions for various aspects of security
  • Work with stakeholders in functional and technical areas in support of engineering tasks
Education and Certifications:
  • DOD 8570 IAT II certified: Security+, SSCP, GSEC, GICSP, CCNA-Security, or CySA+ certification; IAT III certifications also qualify: CISA, CISSP, CASP CE, GCIH, or GCED
  • Bachelor’s degree in an IT-related, math, or scientific program; will consider equivalent professional experience and certifications in lieu of degree
Background Needed and Years of Experience:
  • 5 years of cyber security experience and 10 years of IT experience
  • Solid knowledge of cyber security principles and practices, as well as an advanced understanding of various technologies
  • Extensive experience building and maintaining Splunk instances in a DoD/IC specific environment
  • Experience using Splunk or other SIEM to correlate events and identify possible security events and incidents; must then be able to track down root cause of these events and work with CIRT team to conduct incident response actions
  • Technical proficiency in both *NIX and Windows system administration and configuration.
  • Technical proficiency in networking technologies and principles; routing, switching, subnetting
  • Familiarity with deployments to and implementation of security functions in virtualized environments (VMware & Hyper-V)
  • Familiarity with Windows, *NIX, and applications logs, such as database and web server logs
  • Experience integrating, configuring, and operating the following: Tenable Nessus (ACAS), McAfee ePO (HBSS), next generation firewalls (NGFW) such as Palo Alto Networks, Network IDS/IPS such as Sourcefire
  • Experience implementing and auditing DISA STIG hardening configurations
  • Advanced-level understanding of load balancing using the F5 BIG-IP suite of tools, specifically the LTM and GTM modules
  • Experience developing infrastructure to support highly available web applications
  • Advanced-level understanding of network engineering and security considerations as they apply to load balancing and constrained delegation functionality
  • Experience working with the F5 virtual appliance (rather than a physical deployment) preferred
  • Excellent communication skills, written and verbal, to be able to effectively document solutions and obtain requirements from customers
Technical Skills (Preferred):
  • Scripting experience (PowerShell, Perl, Ruby, JavaScript)
  • Experience with Risk Management Framework (RMF) and NIST 800 series
  • Experience with regular expressions (REGEX)
  • Familiarity with multi-level classification systems; single networks which support multiple classifications through the use of DAC and trusted cross-domain guards
  • Splunk Administrator or Splunk Architect Certification
  • Experience with SolarWinds for monitoring
  • Experience with NAC supporting 802.1X authentication
  • Experience with NGFWs such as Palo Alto
  • Experience with IDS/IPS such as Snort, Cisco FireSIGHT, and/or Bro
  • Experience with packet analysis through full capture tools
  • Experience with Cyber Deception tools
  • Experience with inline threat prevention such as FireEye or Lastline
If you are interested in pursuing this opportunity, please respond back and include the following:

• Full resume in MS Word format
• Current and required compensation
• Current contact information
• Availability

Upon receipt, one of our managers will contact you to discuss the position in full detail.

Steve Fleischner
Intermedia Group, Inc.

Defense and Intelligence Industry Staffing
212 248-0100
Steve Fleischner | Managing Partner
Intermedia Group Inc. | New York, NY
Main: (212) 248-0100