Cyber Security Analyst (Mid) - TS/SCI w/ Poly Required

Job Description

The candidate will act as the senior support person for the Splunk team (currently transitioning from ArcSight to Splunk). The candidate must have the ability to configure and support both ArcSight and Splunk, and proven experience leveraging CND analyst toolsets to detect and respond to IT security incidents. The candidate will be responsible for operating, maintaining, and monitoring a Splunk SIEM installation at a 24/7 operations center, and for Linux performance tuning and troubleshooting, including identifying and resolving contention in CPU, memory, networking, disk I/O, etc.

In this role, the Cyber Security Engineer will:
  • Assist with transition activities from ArcSight to Splunk;
  • Upgrade/update all SIEM components as required (ArcSight Loggers, Connectors and ESM, and the Splunk components replacing them);
  • On-board new event sources by obtaining access to the logs, installing the software, and then tuning/adjusting the connector;
  • Monitor and tune all ESM components for performance;
  • Assist with analyst activity by providing reports, writing queries, running searches, fixing broken content, etc.;
  • Investigate any reported problems and determine the root cause;
  • Create documentation of standard procedures, system configurations, etc.;
  • Configure the tools to collect events via syslog, file and database inputs;
  • Create and edit content to both monitor and alert on security incidents;
  • Provide guidance on both internal and external customer issues and supporting tickets; and
  • Provide Tier 2/3 troubleshooting for Splunk issues, either within the tool or as part of an integrated team of professionals addressing larger issues.


Required Qualifications
  • Bachelor's degree and 10+ years' experience; additional experience may be substituted for the degree
  • 8+ years of experience in cyber security
  • Demonstrated expertise in Splunk and/or ArcSight SIEM
  • 4+ years of demonstrated expertise in Linux administration
  • Ability to provide Tier 3 troubleshooting for Splunk and/or ArcSight issues, either within the tool or as part of an integrated team of professionals addressing larger issues
  • Ability to configure the tools to collect events via syslog, file and database inputs
  • Ability to create and edit content to both monitor and alert on security incidents
  • Ability to provide guidance on both internal and external customer issues and supporting tickets
  • Ability to act as the senior subject matter expert on the tool in interactions with other teams
  • Ability to develop documentation to support the mission
  • Ability to provide on-the-job training to teammates
  • Ability to create custom dashboards and reports
  • Significant understanding of SQL, regular expressions, Bash and Perl
  • Deep knowledge of optimizations for large networks
  • Ability to create content for Splunk security alerting
  • Demonstrated experience executing the responsibilities listed above
  • Proven experience leading a team and communicating with senior leadership and engineers
  • Availability to provide on-call support when needed
  • An active TS/SCI with polygraph is required for this position


Desired Qualifications
  • Ability to write Bash scripts
  • Knowledge of Windows systems administration



Job Snapshot

Location: US-VA-Chantilly
Employment Type: Full-Time
Pay Type: Year
Pay Rate: N/A

Company Overview

Leidos

Leidos is a global science and technology solutions leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 32,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos' annual revenues are approximately $10 billion. For more information, visit www.Leidos.com. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant laws. Leidos is an Equal Opportunity Employer.

