Telecommunications Engineer - III
Ref No.: 18-00688
Location: Ashburn, Virginia

The Senior Splunk Analyst will be responsible for analyzing the most complex threats and acting as an escalation point for other security analysts, managing Splunk implementations for managed security services customers, and handling use case creation, dashboards, tuning, and log source configuration. As a Splunk Analyst you will:
• Be responsible for advanced security event detection and threat analysis for complex and/or escalated security events
• Provide log/network/malware/device analysis and make recommendations for remediation of security vulnerability conditions
• Validate log sources and indexed data, search through indexed data to optimize search criteria
• Add Customer Context, eliminate "noise" and false positives, and develop trends and data models
• Distill Customer intelligence feeds; use cases, trends and data models
• Create custom alert schema, reports and custom dashboards

Minimum Qualifications:
• 4+ years direct experience with Splunk as an Engineer or Administrator
• 7+ years of experience investigating network threats with advanced analysis experience of multiple attack vectors such as Malware, Trojans, Exploit Kits, Ransomware and Phishing techniques, APTs, etc.
• TCP/IP networking skills to perform packet and log analysis
• Must be a motivated and customer-focused SIEM engineer who can work as a subject matter expert. Requires an expert-level understanding of SIEM platforms
• Strong understanding of Splunk Use Case creation, Dashboards and Tuning
• Strong Splunk Enterprise Security (ES) experience to include Index Design, Infrastructure, Data Collection, Deployment Management, Data Enrichment, Querying, Integration and Operations
• Security Analysis experience to include incident classification, investigation and remediation
• Must have, or be qualified to obtain, a government clearance at the Secret level

Preferred Qualifications:
• Linux, Perl, Python scripting
• SANS or other Security industry certifications such as GIAC, GSEC, GCIA, GCIH, GREM, GPEN or OSCP
• ArcSight or RSA Security Analytics experience
• RSA Archer Security Operations Management experience
• Bachelor's Degree preferred