Are you a skilled Security Operations Center (SOC) Analyst with a passion for leveraging Splunk to enhance security monitoring and incident response? Join our client's team as a SOC Analyst focused on Splunk and play a crucial role in protecting the organization's digital assets. As a SOC Analyst, you'll be at the forefront of detecting, analyzing, and responding to security incidents using Splunk's advanced capabilities.
Responsibilities:
1. Design, implement, and manage threat detection alerts and dashboards in Splunk.
2. Develop and maintain signature-based, behavior-based, and anomaly-based detections.
3. Develop threat detections based on research of open sources, NIST 800-53 controls, Department of State guidelines, and network and application architecture/design.
4. Integrate threat intelligence feeds and correlate events from various log sources to identify potential security incidents.
5. Create and maintain documentation, such as job aids and SOPs, on processes, detections, and incident response.
6. Write advanced ad hoc SPL queries.
7. Analyze log files from a variety of sources (for example, individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
8. Monitor and investigate alerts, conduct threat hunting, and notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents, articulating each event's history, status, and potential impact in accordance with the organization's cyber incident response plan.
9. Prepare reports on investigations, incidents, and other security-related matters.
10. Recommend and implement system enhancements that improve the performance, security, and reliability of the system.
11. Demonstrate flexibility and eagerness to take on challenges by performing tasks not listed above.
12. Provide support and troubleshooting assistance to both the SIEM administrator and system owners in resolving issues related to log parsing and log ingestion.
13. Communicate clearly and concisely with managers and colleagues.
Skills/Must have:
1. U.S. citizenship.
2. 5+ years of related systems security engineering experience, primarily in the federal government environment, dealing with business critical, high-availability systems.
3. 5+ years SOC or cybersecurity-related experience.
4. 3+ years of experience with a SIEM tool, preferably Splunk.
5. Experience with Splunk dashboards and Microsoft Sentinel.
6. 4+ years of experience querying and manipulating data, including 2+ years of experience with SPL (required), with knowledge of data types, conditions, and regular expressions.
7. Expert in SPL or related querying language.
8. Expert in data analytics and log analysis; adept at extracting insights from diverse datasets.
Salary:
$50 Per Hour
Interested? Apply now!