• Designs develop, test, and evaluate information system security throughout the systems development life cycle

• Monitors and analyzes Intrusion Detection Systems (IDS) to identify security issues for remediation

• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information

• Evaluate firewall change requests and assess organizational risk

• Communicates alerts to teams regarding intrusions and compromises to their network infrastructure, applications, and operating systems

• Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices

• Implements, enforces, communicates, and develops security policies or plans for data, software applications, hardware, telecommunications, and information systems security education/awareness programs

• Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system, and external Web integrity scans to determine compliance

• Prepares incident reports of analysis methodology and results

• Implement approved Splunk SaaS architecture and design

• Support and maintain high availability for SaaS Splunk deployments

• Maintain Splunk architectural diagrams and documentation

• Ensure compliance with regulations and privacy laws

• Perform DoD system certification and accreditation activities as prescribed by IA leadership

• Develop and document IA processes and procedures for the environment as necessary

• Uses encryption technology, penetration and vulnerability analysis of various security technologies, and information technology security research

• DISA Security Technical Implementation Guidelines (STIG) for an operational DoD environment, including scheduling, validation, remediation, and reporting

• Work with customers, software developers, network/system administrators, and others to ensure that security requirements are understood and implemented

Basic Qualifications:

• BS degree; 3 additional years of experience may be considered in lieu of a degree

• 1-2+ years of experience with log sources, including various network, host, and application logs

• 1-3+ years of experience in utilizing SIEM for log analysis, monitoring, and investigation

• 1-2+ years of experience identifying attacker tactics, techniques, and procedures

• 1-2+ years of experience using threat intelligence to find suspicious activities proactively and iteratively in available security telemetry

• 1-2+ years of experience working in a Security Operations Center (SOC) environment

• 1-3+ years of hands-on experience writing and optimizing detection queries using various query languages, particularly in SPL for Splunk

• Demonstrated understanding of modern attack patterns and threat landscape

• Demonstrated excellent analytical and problem-solving skills with the ability to identify and mitigate security risks

• 1-2+ years of experience in intrusion detection, security investigations, and incident response

• 1-3+ years of experience and working knowledge of Splunk Enterprise Security platform

• 1-2+ years of experience in Detection Engineering or Digital Forensics with broad knowledge of security domain

• 1-2+ years of experience of KQL for Microsoft Defender EDR

• Demonstrated expertise in EDR, email security, and securing SaaS applications

• DOD 8570 IA Level II Certification required (i.e.  Security+ CE); CISSP, CISA, and CISM certifications preferred.

• SECRET CLEARANCE REQUIRED TO START

• Remote