XOR Security is currently seeking a talented Splunk Subject Matter Expert to support one of our premier clients within the Department of Homeland Security for the HQ Enterprise Security Operations Center (ESOC). The ESOC program provides comprehensive Computer Network Defense and Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the DHS enterprise. To support this vital mission, XOR staff is on the forefront of providing T1-T3 CND Operations, and Digital Media Analysis supporting advanced threat analysis and development of countermeasures to protect critical assets from hostile adversaries.
The ideal candidate will provide subject matter expertise to support and operate Splunk using security information and event management (SIEM) or security event management (SEM) best practices and Splunk Enterprise Security. Design Splunk systems to meet growth while maintaining balance between performance, stability, and agility. Manage customer expectations, onboard data into Splunk, support projects in multi–site or clustered Splunk installations, and assist with the development of advanced reports to meet the requirements of key stakeholders. Conduct research in areas driven by customer use cases. Architect and support systems used to configure and deploy Enterprise SIEM log management solutions and develop automation for security tools management. Aid in the automation, deployment, integration, and testing of enterprise systems and services and create and optimize big data correlations as a Splunk search language (SPL) expert.
Strong written and verbal communications skills are a must.
- 7+ years of experience with IT
- 5+ years of experience as a Splunk administrator
- BA or BS degree in Computer Science or related field
- Subject Matter Expertise in all aspects of Splunk
- Experience with using scripting languages to automate tasks and manipulate data
- Experience with working in a large enterprise environment
- Knowledge of enterprise logging, including application, OS, and security technology logging
- Knowledge of regular expressions
- Ability to demonstrate SPL expertise
- Secret Clearance
- 2+ years of experience with network security, system security, and supporting security information and event management (SIEM)
- Experience with infrastructure management and support and system administration in Windows and UNIX environments
- Experience with enterprise–scale operations and maintenance environments
- Experience with programming a plus
- Experience with Python
- Experience with security tools, including Firewall, IDS, Active Directory, Nmap, Burp, Proxy, or Bro
- Knowledge of networking protocols
- BA or BS degree in CS, IT, or a related field
- Splunk Administrator or Architect Certification
XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.