Sr. Cyber Security Engineer
Foxhole Technology is seeking a senior security engineer who has Splunk experience to support a Federal agency. Candidates will architect, implement, and optimize cyber security solutions to include Splunk, SourceFire, and RedSeal. Splunk solutions require the candidate to integrate data feeds and create content in a distributed computing environment. This requires the ability to architect and implement Splunk solutions in support of cybersecurity analysts. The focus of this role is primarily on engineering, maintaining and monitoring a large suite of cybersecurity tools while also assisting in all future installations.
The ideal candidate will be well versed in Splunk technology and the implementation of best practices. This includes advanced Splunk Search Processing Language skills and expertise in developing Splunk dashboards, data models, reports and applications. Experience with storage technologies, SQL Server, cloud-based services, and many of today's security tool sets (IPS/IDS, AV, firewalls, switches, etc.) is highly desirable.
- Serve as lead engineer responsible for all aspects of the team’s activities.
- Implement and conduct security engineering activities in accordance with the organization's relevant approved processes, technical operations, available security tools and strategic vision.
- Develop dashboards, data models, reports and optimize performance with all tools supporting the environment.
- Troubleshoot security tool technical issues to determine root cause and resolve or implement workaround as necessary.
- Architect, implement, and use all available tools in a highly available, redundant, distributed computing environment.
- Perform Splunk forwarder deployment, configuration and troubleshooting across a variety of platforms.
- Deploy new Splunk instances, including clustered deployments.
- Monitor Splunk internal logs to identify and resolve potential performance issues.
- Tune the Splunk infrastructure and lead capacity planning and continuity of operations tasks.
- Perform data integration, data transformation, field extraction, event parsing, data preview, and application management of Splunk.
- Design and customize complex search queries.
Required education and skills
Desired skills and certifications
- BS degree.
- Demonstrated 6+ years of knowledge and hands-on experience in security, with an emphasis on engineering design, system analytics, and operations and maintenance of a variety of security technologies.
- 3 years of experience with network security, system security, and supporting security information and event management (SIEM) tools.
- Demonstrated experience in the implementation of information engineering projects; systems analysis, design and programming using standard tools and methods.
- Strong written and verbal communication skills.
- 7+ years of IT experience in a technical position.
- Certified Splunk Administrator/Architect.
- 2 years of hands-on experience installing, configuring and administering Splunk.
- Proficiency with Linux and Windows platforms.
- Familiarity with various distributed compute environments, including client-server, VMs, AWS and GCP.
- Experience with one or more programming/scripting languages (e.g., Perl, Python, Java).
- Basic VMware knowledge.
- Familiarity with network based storage technologies.
- Understanding of the function, operations and management of network infrastructure components (switches, routers, firewalls, load balancers, etc.).
- Security certification such as: CISSP; SANS GIAC; Security+; Network+; Linux+; MCSE; CCNA Security; or Splunk Power User/Administrator.