Overview
Title: Splunk Architect
Location: Fort Meade, MD or San Antonio, TX
US Citizenship: Required
Clearance: TS/SCI with CI polygraph
Responsibilities
- Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components
- Develop custom scripts that support automation for data pipeline health and status, data ingest, and/or support services that must be monitored and optimized
- Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs)
- Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies
- Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts
- Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK
- Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering
- Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and industry trends, sharing relevant information with the SOC team
- Serve as Tier-3 escalation for major incidents, crafting investigation SPL queries and reconstructing incident timelines
- Design, deploy, and maintain Splunk Enterprise/Cloud architectures (indexer and search head clustering, cluster master/manager, deployer, deployment server/cluster manager, monitoring console)
Qualifications
- Bachelor's degree in IT, cybersecurity, or related technical field (an additional 4 years of relevant work may be substituted for a degree)
- Minimum of seven (7) years of experience in security engineering/operations, including at least three (3) years architecting and administering Splunk Enterprise or Splunk Cloud at scale (multi-TB/day or multi-site)
- Hands-on purple teaming experience, including two (2) years of planning/executing ATT&CK-aligned adversary emulation with measurable detection outcomes
- Proficiency in programming or scripting languages such as C, C++, Python, Bash, and PowerShell
- Strong understanding of operating systems, networking protocols, and software exploitation techniques
- Familiarity with threat intelligence frameworks such as MITRE ATT&CK and the Cyber Kill Chain
- Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner
- One of the following (or equivalent) demonstrating Splunk proficiency: Splunk Core Certified Power User or Splunk Enterprise Administrator
- Security certification signaling detection/operations skill, such as GCDA, GCIA, GMON, GXPN, or OSCP
- Experience with monitoring threats through Tools, Techniques, and Procedures and how they relate to the MITRE ATT&CK framework
- Ability to train and mentor staff and bring awareness to current and emerging threats
- TS/SCI clearance with a CI polygraph
Equal Opportunity Employer / Veterans / Disabled