We have immediate requirement of Security Engineer in Greenbelt, MD. . Title: Security Engineer (Gigamon) Number of positions: 1 Hours: 40/week Education Requirement*: Master's degree Industry Experience Requirement*: 12 years' experience Citizenship/Clearance Requirement: US Citizen / Public Trust Location: Greenbelt, MD Role Description: The Splunk Engineer will report to the SOC Director and Deputy Directory and will provide overall engineering and design support for a very large distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles. The Splunk engineer will support the full system engineering life cycle, including requirements analysis, design, development, integration, test, documentation, and implementation following defined best practices and operational workflows. The candidate should be familiar with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. The Splunk engineer should be familiar with Windows and Linux environments, editing and maintaining Splunk configuration files and apps. The Splunk engineer will work with other Cybersecurity Engineering team members and will be required to interact with end users to gather requirements, perform troubleshooting, and provide assistance with the creation of Splunk search queries and dashboards. The Splunk engineer will be required interact with senior management, as necessary. Responsibilities: Designing, engineering, configuring and administering Splunk content Assisting in the proper operation and performance of Splunk, plug-ins, loggers and connectors Building Splunk reports Developing dashboards with visual metrics for stakeholders Defining strategy and design around data collection, aggregations, and summarization processes Integrating external data sources into Splunk Enforcing best practices related to summarizing and querying data Developing advanced scripts for the manipulation of multiple data repositories to support analyst requirements Partnering with other enterprise teams to support data capture and advanced data analytics and forecasting efforts to support proactive identification of issues Providing recommendations and implement changes to optimize Splunk products in the customer environment Designing the Splunk system solution to meet growth while maintaining a balance between performance, stability, scalability and agility SIEM content management Ability to develop use cases, search and reporting scripts Create, optimize, and continuously evaluate security monitoring content (correlated searches/alerts) on Splunk ES. Required Skills: Set up and configure Splunk search servers, deployment servers, clustered indexers, and forwarders, as required Configure Splunk integration points and verify functionality in the technical evaluation environment Document build procedures and customizations to provide inputs to functional and operational requirements Create custom reports for ingestion to RSA Archer Dashboard Demonstrate innovative influence for projects Problems faced are difficult and often complex Strong understanding of root causes of malware infections and proactive mitigation Strong understanding of lateral movement and footholds Strong understanding of data exfiltration techniques. Demonstrated ability in critical thinking, problem solving, and analytics Enjoy analyzing patterns looking for outliers Enjoy creating ways to find needles in haystacks Have real world experience analyzing complex attacks and understand TTPs of threat actors Define relationships between seemingly unrelated events through deductive reasoning Experience in network/host based intrusion analysis, malware analysis, forensics, and cyber threat Client Knowledge of advanced threat actors and complex attacks Possess excellent writing skills and the ability to communicate to technical and executive level staff Quick study with new tools Knowledge and experience with Splunk and other cyber tools. Desired Skills: Demonstrated 7+ years knowledge and hands-on experience in security with an emphasis in engineering design, system analytics, operations and maintenance of a variety of security technologies used for security defense areas such as: network, storage/back, platforms (Windows/Linux Servers and desktops) 5 years of experience with Splunk, network security, system security, and supporting security information and event management (SIEM) Demonstrated experience in the implementation of information engineering projects; systems analysis, design and programming using standard tools and methods Create complex detection and alerting logic and log source onboarding for security focused content in our enterprise Splunk deployment. Ingest sources include: Networking (Load-Balancers, IPS, Firewalls), Operating Systems (Linux, Windows, UNIX), security tools, infrastructure, and applications. Engineer, configure, and deploy enterprise SIEM and log management solutions, develop automation for security tools management, and create customized searches and applications using programming and development expertise, including Java, Python, Shell scripting, and regular expression. Create and optimize Big Data correlations as a Splunk search language (SPL) expert. Optimize/Tune logging source streams. Provide guidance and support for existing security analytics. Develop solution and enterprise best practices for logging and monitoring. Work directly with cyber security teams to gather functional requirements, develop solutions which meet or exceed the requirements, and support the system. Promote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required standards and processes. Leverage knowledge on a number of security technologies to operate and maintain the Splunk log management infrastructure. Develop advanced reports to meet the requirements of key stakeholders and scalable security management tools and processes. The candidate must have experience in designing, implementing, and maintaining a fully operating SIEM solution. Strong technical knowledge of Amazon AWS products and services, such as EC2, BeanStalk, Lambda, VPC, Route53, Amazon FW, API Gateway, ELB, CloudTrail, CloudFront, and etc. Proficiency in one or more programming/scripting languages - experience with Javascript/Node, Python, Lua, or PowerShell is strongly preferred Strong knowledge of information security concepts, trends, and practices Working knowledge of various network and security systems Familiarity with basic statistics/probability and Big Data analytics techniques such as SVM, logistics regression, Kmeans, and Naives Bayes. An ability to learn quickly, and a passion for solving technical problems Superior written and oral English communication skills is essential Highly developed, process-oriented skills for troubleshooting, problem solving, and problem resolution Good knowledge of networking concepts Familiarity with XML and HTML, CSS, XML tasks Ability to perform shell, Python and PERL scripts Prior supervisory or technical team lead experience Knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS) Deep technical understanding of operating systems, network architecture and design, Active Directory (AD) application log consumables, systems design as well as superior knowledge of technical operations process and procedures Knowledge of encryption, key management and cryptology Knowledge with the Risk Management Framework (NIST 800-37), Security Controls as described in NIST 800-35, and the Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines Practical knowledge of performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation Experience planning and implementing secure networking practices such as: application segmentation, network segmentation, NAC and other access control testing/validation, updating access control SOPs Ability to configure and develop an enterprise SIEM solution including signature tuning, development of correlation rules, reports, and alarms Experience with a variety of web application protocols, web services (components including JavaScript, XML, JSON), scripting capabilities (Power shell, Python) software development frameworks, operating systems, and networking technologies. Understanding of various web application frameworks such as ASP.NET, J2EE Interested candidates can share updated resume at priyanka.verma@comptechassoc.com or call at 732-639-5027