Join our Talent Network >

Senior Splunk Engineer

Job ID: 2118102
Location: PORTLAND, OR, United States
Date Posted: Nov 24, 2021
Category: Cyber
Subcategory: Cyber GRC
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: Secret
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: No
Benefits: Click here

Share: mail

Job Description

Description

SAIC is seeking a Security Information and Event Management (SIEM) Analyst specialized in Splunk in the Portland, OR area

This position is in Hillsboro/Portland, OR.  On-site work is required for 50% of billable time; remote work beyond that is permitted.

About the Program: 

The USACE RITS contract will provide modern and secure enterprise-wide IT support services to approximately 37,000 USACE customers located throughout the CONUS and OCONUS. Services will support the mission needs of USACE’s Headquarters (HQs) located in Washington, D.C., nine Divisions and 43 Districts, to include over 1,500 field and area project offices and two data centers that are currently located in Vicksburg, Mississippi, and Hillsboro, Oregon.

Job Description:

The ideal candidate can implement, configure, monitor, and maintain a DoD-approved enterprise SIEM tool to monitor, detect, and respond to threats related to the US Army Corps of Engineers via the Revolutionary IT Services (USACE RITS) program.  The SIEM shall provide real-time analysis of security alerts generated by applications and network sensors, hardware, cyber tools, Government-approved threat intelligence feeds and threat detectors, and be capable of automatically forwarding incidents and events to the incident response team and USACE OCIO/G-6 based on severity level. The SIEM shall be configured to support classification level of data.  Candidate will serve on a team that manages multiple SIEMs and should be good communicator, be organized, and work well in both groups and on an individual basis.

Responsibilities Include:

  • Work collaboratively or independently to achieve team objectives.
  • Configure automated incident response capabilities.
  • Performing data correlation and analysis reporting for all sensors and defense capabilities at an enterprise level.
  • Providing the Government access to the SIEM systems, including the functionality to establish use cases and run queries.
  • Providing immediate notification for unplanned sensor-fed outages exceeding 24 hours, and providing an AAR identifying root causes for the outage.
  • Maintaining documentation for all feeds, sensors, and connectors in the SIEM and providing reports to USACE OCIO/G-6.

 

Other general duties include: Provide correlation and analysis of cyberspace incident reports derived from reliable sources, network sensors, vulnerability management devices, open-source information, and Industry/ Government provided situational awareness of known adversary activities. Applies expert knowledge of Named Areas of Interest (NAI) and advanced persistent threats to review, analyze, and maintain the content of an indicator database to aid in the detection and mitigation of threat activity. Utilize COTS/GOTS analyses tool and expert knowledge to provide threat detection analysis and monitoring, correlation, and prevention of cyber threat activity targeting the customer

Network. This task requires technical knowledge on the utilization of government and industry capabilities, best security practices, advanced log analysis, forensics, network monitoring, network flow analysis, packet capture analysis, network proxies, firewalls, and anti-virus capabilities. Additionally, this task requires technical knowledge of forensics analysis to determine adversary methods of exploiting information system security controls, the use of malicious logic, and the lifecycle of network threats and attack vectors. Must produce reports on the unique TTPs utilized and conduct incident handling/triage, network analysis and threat detection, trend analysis, metric development, and security vulnerability

Information dissemination. Must be able to assist the customer with developing metrics and trending/analysis reports of malicious activity and develop signatures for threat detection. (This is not intended to be a detailed nor comprehensive description of any individual employee's job content. Managers set the specific duties and responsibilities for each employee).

 

Qualifications

Required Education and Experience:

Bachelors and five (5) years or more experience; Masters and three (3) years or more experience; PhD and 0 years related experience

Required Clearance: Must have an ACTIVE Secret Security Clearance to be considered; US citizenship required

Required Certifications: Must have one of the following certifications- CEH, CySA+, GICSP, SSCP, CISSP, CASP+ CE, CISA, GCIH, GCED, CCNP Security

 

Required Skills:

  • Must have experience installing, troubleshooting, and implementing continuous monitoring solutions in Splunk

Desired Skills:

  • In addition, the ideal candidate will have experience outlined above in one or all of the following SIEM platforms:

-Elasticsearch / Kibana / Docker

-ArcSight

  • The ideal candidate will be well versed in RedHat Linux and be comfortable working on the command line
  • Familiarity with DoD computing environments

 


 


COVID Policy: Prospective and/or new employees are required to adhere with SAIC's vaccination policy. All SAIC employees must be fully vaccinated and they must submit proof of vaccination on their first day of employment. Prospective or new employees may seek an exemption to the vaccination requirement at Contact Us and must have an approved exemption prior to the start of their employment. Where work is performed strictly at a customer site, customer site vaccination requirements preempt SAIC's vaccination policy.


Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.

We are more than 26,500 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a respectful work culture based on diversity, equity, and inclusion that values all contributors. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.1 billion. For more information, visit saic.com.

Share: mail