Cyber Security SME
Foxhole Technology is seeking a cyber security SME with Splunk experience to support the Department of Education. This role is a key personnel position that requires working directly with senior management. This position is responsible for the architecture, implementation and optimization of cyber security solutions using Splunk, SourceFire and RedSeal. Splunk solutions require integration of data feeds and content creation in a distributed computing environment. The focus of this role is primarily on engineering and maintaining/monitoring a large suite of cybersecurity tools, while also assisting in the vision, architecture and implementation of future installations.
The ideal candidate will be well versed in Splunk technology and the implementation of best practices. This includes advanced Splunk Search Processing Language skills and expertise in developing Splunk dashboards, data models, reports and applications. Experience with storage technologies, SQL Server, cloud-based services, and many of today's security tool sets (IPS/IDS, AV, firewalls, switches, etc.) is highly desirable.
- Serve as lead engineer responsible for all aspects of the team’s activities.
- Implement and conduct security engineering activities in accordance with the organization's relevant approved processes, technical operations, available security tools and strategic vision.
- Develop dashboards, data models, reports and optimize performance with all tools supporting the environment.
- Troubleshoot security tool technical issues to determine root cause and resolve or implement a workaround as necessary.
- Architect, implement, and use all available tools in a highly available, redundant, distributed computing environment.
- Perform Splunk forwarder deployment, configuration and troubleshooting across a variety of platforms.
- Deploy new Splunk instances, including clustered deployments.
- Monitor Splunk internal logs to identify and resolve potential performance issues.
- Tune the Splunk infrastructure and lead capacity planning and continuity of operations tasks.
- Perform data integration, data transformation, field extraction, event parsing, data preview, and application management of Splunk.
- Design and customize complex search queries.
Required education and skills
Desired skills and certifications
- BS degree.
- Demonstrated 6+ years of knowledge and hands-on experience in security with an emphasis on engineering design, system analytics, and operations and maintenance of a variety of security technologies.
- 3 years of experience with network security, system security, and supporting security information and event management (SIEM) tools.
- Demonstrated experience in the implementation of information engineering projects; systems analysis, design and programming using standard tools and methods.
- Strong written and verbal communication skills.
- 7+ years of IT experience in a technical position.
- Certified Splunk Administrator/Architect.
- 2 years of hands-on experience installing, configuring and administering Splunk.
- Proficiency with Linux and Windows platforms.
- Familiar with various distributed compute environments including client-server, VMs, AWS, GCP.
- Experience with one or more programming/scripting languages (e.g., Perl, Python, Java).
- Basic VMware knowledge.
- Familiarity with network-based storage technologies.
- Understanding of the function, operations and management of network infrastructure components (switches, routers, firewalls, load balancers, etc.).
- Security certification such as: CISSP; SANS GIAC; Security+; Network+; Linux+; MCSE; CCNA Security; or Splunk Power User/Administrator.