[Remote] Splunk Detection Engineer

šŸŒ Remote, USA šŸŽÆ Full-time šŸ• Posted Recently

Job Description

Note: The job is a remote job and is open to candidates in USA. Boston Government Services, LLC (BGS) is an engineering, technology, and security firm that supports missions of national importance. They are seeking a Splunk Detection Engineer to integrate data sources, validate configurations, and develop searches and reports for cybersecurity use cases.

    Responsibilities
  • Integrate new data sources, which may include databases, APIs, files, etc. This may involve setting standards and working with IT administrators to update their configurations
  • Validating and creating appropriate configurations for CIM compliant logs
  • Processing requests from cybersecurity analysts for new detections within Splunk Enterprise Security
  • Analyzing existing logs to identify poorly formatted logs and potential gaps when implementing new detections
  • Adding and maintaining threat feeds within Splunk Enterprise Security
  • Monitoring the performance of and tuning detections
  • Managing asset and identity inventory within Splunk Enterprise Security
  • Creating and maintaining new Splunk apps
  • Recommending additions or changes to Splunk or its data models to meet detection needs
  • Developing searches, reports, and other functionalities for cyber-based use-cases, including active response, intrusion detection, vulnerability management, and related use cases
  • Assisting users with creating and optimizing searches and dashboards and mentoring others in good development of said resources
  • Attend online/Teams meetings with team and others as appropriate
  • Work with team to provide status on current task, suggest improvements, discuss implementation, etc
  • Capture business requirements and implement the requirements
  • Analyze data and perform initial planning to address identified issues
  • Assist with the creation of playbooks to address identified issues from analysts
  • Seek to understand the intention of detections and corresponding playbooks
  • Provide basic feedback on existing playbooks and detections
  • Identify telemetry quality and visibility issues (SIEM parsing/normalization, EDR/XDR sensor health, asset/identity tagging)
  • Provide advanced recommendations to address gaps in logging and detections based on an analysis of threats and data
  • Create detailed and thorough testing plans to ensure higher chance of accurate detections
  • Produce clear metrics and reports (FP rate, backlog) for technical and executive audiences
  • Create advanced use cases for detections based on an analysis of threats and data, including sample criteria to identify the behavior and mapping detections to MITRE Telecommunication & CK
  • Drive continuous improvements to existing processes or tooling
  • Perform quality reviews and improve detections and actions
  • Coach, guide, teach others on the team in use of Enterprise Security
    Skills
  • Significant experience with Splunk and Splunk Enterprise Security
  • Significant experience with event logging solutions (e.g., Splunk Universal Forwarder, syslog, Cribl)
  • Experience with ticketing/case management
  • Experience with Git pipelines
  • Familiarity with using Linux CLI
  • Ability to craft queries using common languages; comfort with regex, JSON and APIs; basic scripting in Python/PowerShell/Bash
  • Excellent analytical, problem-solving, and communication skills both with stakeholders, peers, and internal customers; able to operate under pressure in a shift or on-call environment
  • Considerable knowledge using and administering Splunk
  • Staying up to date with the latest cybersecurity threats, vulnerabilities, and best practices
  • Strong analytical and problem-solving skills
  • Meticulous attention to detail to ensure thorough assessments and accurate reporting
  • Excellent written and verbal communication skills to effectively convey findings and recommendations to technical and non-technical stakeholders
  • Ability to work collaboratively with other cybersecurity professionals, IT staff, and external vendors
  • Experience and skill in conducting audits or reviews of technical systems
  • Experience working in a government environment
  • Experience working in a distributed IT environment
  • Ability to qualify for HSPD-12 card for use in two-factor authentication
  • Strong grasp of TCP/IP, OSI model, and common protocols (HTTP, DNS, SMTP)
  • Windows/Linux/macOS fundamentals; Active Directory/Azure AD concepts; basic cloud logging
  • Experience in system and network administration
  • Relevant cybersecurity experience including investigations and data analysis
  • Experience with SOAR tools and automation development
  • Experience using identity security/management tools (e.g., Entra ID, Active Directory, Shibboleth, CrowdStrike Identity Protection)
  • Cloud security experience (e.g., CloudTrail/GuardDuty, Azure Defender/M365, GCP Security Command Center)
    Benefits
  • Health
  • Dental
  • Vision
  • Life Insurance
  • Paid Vacation
  • 401K
  • Long and Short-Term Disability
    Company Overview
  • Boston Government Services, LLC (BGS) is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets. It was founded in 2007, and is headquartered in Oak Ridge, Tennessee, USA, with a workforce of 201-500 employees. Its website is https://www.bgs-llc.com/.

Apply tot his job

Apply To this Job

Ready to Apply?

Don't miss out on this amazing opportunity!

šŸš€ Apply Now

Similar Jobs

Recent Jobs

You May Also Like