[Remote] Splunk Detection Engineer
Note: The job is a remote job and is open to candidates in USA. Boston Government Services, LLC (BGS) is an engineering, technology, and security firm that supports missions of national importance. They are seeking a Splunk Detection Engineer to integrate data sources, validate configurations, and develop searches and reports for cybersecurity use cases.
Responsibilities
ā¢ Integrate new data sources, which may include databases, APIs, files, etc. This may involve setting standards and working with IT administrators to update their configurations
ā¢ Validating and creating appropriate configurations for CIM compliant logs
ā¢ Processing requests from cybersecurity analysts for new detections within Splunk Enterprise Security
ā¢ Analyzing existing logs to identify poorly formatted logs and potential gaps when implementing new detections
ā¢ Adding and maintaining threat feeds within Splunk Enterprise Security
ā¢ Monitoring the performance of and tuning detections
ā¢ Managing asset and identity inventory within Splunk Enterprise Security
ā¢ Creating and maintaining new Splunk apps
ā¢ Recommending additions or changes to Splunk or its data models to meet detection needs
ā¢ Developing searches, reports, and other functionalities for cyber-based use-cases, including active response, intrusion detection, vulnerability management, and related use cases
ā¢ Assisting users with creating and optimizing searches and dashboards and mentoring others in good development of said resources
ā¢ Attend online/Teams meetings with team and others as appropriate
ā¢ Work with team to provide status on current task, suggest improvements, discuss implementation, etc
ā¢ Capture business requirements and implement the requirements
ā¢ Analyze data and perform initial planning to address identified issues
ā¢ Assist with the creation of playbooks to address identified issues from analysts
ā¢ Seek to understand the intention of detections and corresponding playbooks
ā¢ Provide basic feedback on existing playbooks and detections
ā¢ Identify telemetry quality and visibility issues (SIEM parsing/normalization, EDR/XDR sensor health, asset/identity tagging)
ā¢ Provide advanced recommendations to address gaps in logging and detections based on an analysis of threats and data
ā¢ Create detailed and thorough testing plans to ensure higher chance of accurate detections
ā¢ Produce clear metrics and reports (FP rate, backlog) for technical and executive audiences
ā¢ Create advanced use cases for detections based on an analysis of threats and data, including sample criteria to identify the behavior and mapping detections to MITRE Telecommunication & CK
ā¢ Drive continuous improvements to existing processes or tooling
ā¢ Perform quality reviews and improve detections and actions
ā¢ Coach, guide, teach others on the team in use of Enterprise Security
Skills
ā¢ Significant experience with Splunk and Splunk Enterprise Security
ā¢ Significant experience with event logging solutions (e.g., Splunk Universal Forwarder, syslog, Cribl)
ā¢ Experience with ticketing/case management
ā¢ Experience with Git pipelines
ā¢ Familiarity with using Linux CLI
ā¢ Ability to craft queries using common languages; comfort with regex, JSON and APIs; basic scripting in Python/PowerShell/Bash
ā¢ Excellent analytical, problem-solving, and communication skills both with stakeholders, peers, and internal customers; able to operate under pressure in a shift or on-call environment
ā¢ Considerable knowledge using and administering Splunk
ā¢ Staying up to date with the latest cybersecurity threats, vulnerabilities, and best practices
ā¢ Strong analytical and problem-solving skills
ā¢ Meticulous attention to detail to ensure thorough assessments and accurate reporting
ā¢ Excellent written and verbal communication skills to effectively convey findings and recommendations to technical and non-technical stakeholders
ā¢ Ability to work collaboratively with other cybersecurity professionals, IT staff, and external vendors
ā¢ Experience and skill in conducting audits or reviews of technical systems
ā¢ Experience working in a government environment
ā¢ Experience working in a distributed IT environment
ā¢ Ability to qualify for HSPD-12 card for use in two-factor authentication
ā¢ Strong grasp of TCP/IP, OSI model, and common protocols (HTTP, DNS, SMTP)
ā¢ Windows/Linux/macOS fundamentals; Active Directory/Azure AD concepts; basic cloud logging
ā¢ Experience in system and network administration
ā¢ Relevant cybersecurity experience including investigations and data analysis
ā¢ Experience with SOAR tools and automation development
ā¢ Experience using identity security/management tools (e.g., Entra ID, Active Directory, Shibboleth, CrowdStrike Identity Protection)
ā¢ Cloud security experience (e.g., CloudTrail/GuardDuty, Azure Defender/M365, GCP Security Command Center)
Benefits
ā¢ Health
ā¢ Dental
ā¢ Vision
ā¢ Life Insurance
ā¢ Paid Vacation
ā¢ 401K
ā¢ Long and Short-Term Disability
Company Overview
ā¢ Boston Government Services, LLC (BGS) is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets. It was founded in 2007, and is headquartered in Oak Ridge, Tennessee, USA, with a workforce of 201-500 employees. Its website is https://www.bgs-llc.com/.
Apply tot his job
Apply To this Job
Responsibilities
ā¢ Integrate new data sources, which may include databases, APIs, files, etc. This may involve setting standards and working with IT administrators to update their configurations
ā¢ Validating and creating appropriate configurations for CIM compliant logs
ā¢ Processing requests from cybersecurity analysts for new detections within Splunk Enterprise Security
ā¢ Analyzing existing logs to identify poorly formatted logs and potential gaps when implementing new detections
ā¢ Adding and maintaining threat feeds within Splunk Enterprise Security
ā¢ Monitoring the performance of and tuning detections
ā¢ Managing asset and identity inventory within Splunk Enterprise Security
ā¢ Creating and maintaining new Splunk apps
ā¢ Recommending additions or changes to Splunk or its data models to meet detection needs
ā¢ Developing searches, reports, and other functionalities for cyber-based use-cases, including active response, intrusion detection, vulnerability management, and related use cases
ā¢ Assisting users with creating and optimizing searches and dashboards and mentoring others in good development of said resources
ā¢ Attend online/Teams meetings with team and others as appropriate
ā¢ Work with team to provide status on current task, suggest improvements, discuss implementation, etc
ā¢ Capture business requirements and implement the requirements
ā¢ Analyze data and perform initial planning to address identified issues
ā¢ Assist with the creation of playbooks to address identified issues from analysts
ā¢ Seek to understand the intention of detections and corresponding playbooks
ā¢ Provide basic feedback on existing playbooks and detections
ā¢ Identify telemetry quality and visibility issues (SIEM parsing/normalization, EDR/XDR sensor health, asset/identity tagging)
ā¢ Provide advanced recommendations to address gaps in logging and detections based on an analysis of threats and data
ā¢ Create detailed and thorough testing plans to ensure higher chance of accurate detections
ā¢ Produce clear metrics and reports (FP rate, backlog) for technical and executive audiences
ā¢ Create advanced use cases for detections based on an analysis of threats and data, including sample criteria to identify the behavior and mapping detections to MITRE Telecommunication & CK
ā¢ Drive continuous improvements to existing processes or tooling
ā¢ Perform quality reviews and improve detections and actions
ā¢ Coach, guide, teach others on the team in use of Enterprise Security
Skills
ā¢ Significant experience with Splunk and Splunk Enterprise Security
ā¢ Significant experience with event logging solutions (e.g., Splunk Universal Forwarder, syslog, Cribl)
ā¢ Experience with ticketing/case management
ā¢ Experience with Git pipelines
ā¢ Familiarity with using Linux CLI
ā¢ Ability to craft queries using common languages; comfort with regex, JSON and APIs; basic scripting in Python/PowerShell/Bash
ā¢ Excellent analytical, problem-solving, and communication skills both with stakeholders, peers, and internal customers; able to operate under pressure in a shift or on-call environment
ā¢ Considerable knowledge using and administering Splunk
ā¢ Staying up to date with the latest cybersecurity threats, vulnerabilities, and best practices
ā¢ Strong analytical and problem-solving skills
ā¢ Meticulous attention to detail to ensure thorough assessments and accurate reporting
ā¢ Excellent written and verbal communication skills to effectively convey findings and recommendations to technical and non-technical stakeholders
ā¢ Ability to work collaboratively with other cybersecurity professionals, IT staff, and external vendors
ā¢ Experience and skill in conducting audits or reviews of technical systems
ā¢ Experience working in a government environment
ā¢ Experience working in a distributed IT environment
ā¢ Ability to qualify for HSPD-12 card for use in two-factor authentication
ā¢ Strong grasp of TCP/IP, OSI model, and common protocols (HTTP, DNS, SMTP)
ā¢ Windows/Linux/macOS fundamentals; Active Directory/Azure AD concepts; basic cloud logging
ā¢ Experience in system and network administration
ā¢ Relevant cybersecurity experience including investigations and data analysis
ā¢ Experience with SOAR tools and automation development
ā¢ Experience using identity security/management tools (e.g., Entra ID, Active Directory, Shibboleth, CrowdStrike Identity Protection)
ā¢ Cloud security experience (e.g., CloudTrail/GuardDuty, Azure Defender/M365, GCP Security Command Center)
Benefits
ā¢ Health
ā¢ Dental
ā¢ Vision
ā¢ Life Insurance
ā¢ Paid Vacation
ā¢ 401K
ā¢ Long and Short-Term Disability
Company Overview
ā¢ Boston Government Services, LLC (BGS) is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets. It was founded in 2007, and is headquartered in Oak Ridge, Tennessee, USA, with a workforce of 201-500 employees. Its website is https://www.bgs-llc.com/.
Apply tot his job
Apply To this Job