Splunk Solutions Engineer/Architect

Falls Church, VA, USA

Full Time Senior-level / Expert Clearance required USD 145K - 270K *

NikSoft Systems Corp.

NikSoft Corporate Site

View all jobs at NikSoft Systems Corp.

Apply now Apply later

Posted 5 hours ago

Job Location: Morrisville, NC; Falls Church, VA; Eagan, MN; remote considered

Overview:

NikSoft Systems Corporation is a recognized Information Technology solutions provider. Founded in 1998 and based in Reston, Virginia, NikSoft is a CMMI Level 3 Certified company with an established reputation for excellence and on-time delivery with a consistently high customer satisfaction rating from its Federal Government and private consulting contracts.

NikSoft is currently conducting a search for a Splunk Service Engineer/Architect to add to its cybersecurity team in support of the United States Postal Service. The successful candidate will experience an unparalleled large-scale hybrid-cloud environment with over 800 IT systems generating millions of digital transactions in support of a diverse user base spread across the entire US. Join the NikSoft team to scale your career to the next level.

Responsibilities:

Experience implementing dynamic detections, integrating alerting platforms with, but no limited to, Tanium, SEP, Microsoft Defender for endpoint, Sysmon, Microsoft O365 Security alerting, Analyst1, VDI, VMware, Linux Audit logging in conjunction with the advanced Risk-Based Alerting (RBA) security framework. In addition, the applicant would be responsible for tuning and configuration of Splunk Core and Splunk Enterprise Security (ES) services, develop use cases with CISO end users to build content and assist in developing advanced security use cases. Participate in requirements gathering, solutions architecting, design and build of technology solutions to support Continuous Monitoring Program. Assist, train, and host workshops for CISO teams. Support off-hours and weekend efforts for incident investigations and systems maintenance.

Required skills:

Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool

Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models

Work with the Splunk Architect/Admin to promote private KO to Global KO

Assist, and/or train CISO Splunk Engineering team on Data Lifecycle Support

Assist, train, and/or host workshops CISO teams and analysts on Searching and Content Development

Develop and implement automation to improve efficiency of CISO workflows using Splunk

Assist in development of advanced security use cases in Splunk

Develop risk rules and risk incident rules to correlate and alert to significant cyber events.

Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression.

Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted)

Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting

Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.

Understanding of network protocols, operating systems, applications, and device event telemetry

Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills.

Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc.), endpoint defense tools (EDR, anti-malware) a plus

Experience with SAAS- or cloud-hosted Splunk implementation a plus.

Required Qualifications:

Bachelor's degree in Computer Science, Information Technology or related field.

4+ years of experience working with Splunk and performing tasks described above.

Thorough knowledge of data flow, client server and web-based systems, problem analysis and systems tuning; adept with network interfaces and technologies.