Tech Stack
Azure, Cloud, Cyber Security, DNS, Google Cloud Platform, Linux, MacOS, Python, SMTP, Splunk, TCP/IP
About the role
- Integrate new data sources, which may include databases, APIs, files, etc.
- Validate and create appropriate configurations for CIM-compliant logs
- Process requests from cybersecurity analysts for new detections within Splunk Enterprise Security
- Analyze existing logs to identify poorly formatted logs and potential gaps when implementing new detections
- Add and maintain threat feeds within Splunk Enterprise Security
- Monitor the performance of and tune detections
- Manage asset and identity inventory within Splunk Enterprise Security
- Create and maintain new Splunk apps
- Recommend additions or changes to Splunk or its data models to meet detection needs
- Develop searches, reports, and other functionality for cyber-based use cases, including active response, intrusion detection, vulnerability management, and related use cases
- Assist users with creating and optimizing searches and dashboards, and mentor others in good development of said resources
- Attend online/Teams meetings with the team and others as appropriate
- Work with the team to provide status on current tasks, suggest improvements, and discuss implementation

Expectation/Deliverables:
- Capture business requirements and implement the requirements
- Analyze data and perform initial planning to address identified issues
- Assist with the creation of playbooks to address issues identified by analysts
- Seek to understand the intention of detections and corresponding playbooks
- Provide basic feedback on existing playbooks and detections
- Identify telemetry quality and visibility issues (SIEM parsing/normalization, EDR/XDR sensor health, asset/identity tagging)

Improved candidate:
- Provide advanced recommendations to address gaps in logging and detections
- Create detailed and thorough testing plans
- Produce clear metrics and reports (FP rate, backlog) for technical and executive audiences

Excellent candidate:
- Create advanced use cases for detections and map detections to MITRE
- Drive continuous improvements to existing processes or tooling
- Perform quality reviews and improve detections and actions
- Coach, guide, and teach others on the team in the use of Enterprise Security
Requirements
- Significant experience with Splunk and Splunk Enterprise Security
- Significant experience with event logging solutions (e.g., Splunk Universal Forwarder, syslog, Cribl)
- Experience with ticketing/case management
- Experience with Git pipelines
- Familiarity with using the Linux CLI
- Ability to craft queries using common languages; comfort with regex, JSON and APIs; basic scripting in Python/PowerShell/Bash
- Excellent analytical, problem-solving, and communication skills; able to operate under pressure in a shift or on-call environment
- Considerable knowledge of using and administering Splunk
- Staying up to date with the latest cybersecurity threats, vulnerabilities, and best practices
- Strong analytical and problem-solving skills
- Meticulous attention to detail
- Excellent written and verbal communication skills
- Ability to work collaboratively with other cybersecurity professionals, IT staff, and external vendors
- Experience and skill in conducting audits or reviews of technical systems
- Experience working in a government environment
- Experience working in a distributed IT environment
- Ability to qualify for an HSPD-12 card for use in two-factor authentication
- Must be a U.S. citizen
- Successful drug screening

Preferred:
- Strong grasp of TCP/IP, the OSI model, and common protocols (HTTP, DNS, SMTP)
- Windows/Linux/macOS fundamentals
- Active Directory/Azure AD concepts; basic cloud logging
- Experience in system and network administration
- Relevant cybersecurity experience, including investigations and data analysis
- Experience with SOAR tools and automation development
- Experience using identity security/management tools (e.g., Entra ID, Active Directory, Shibboleth, CrowdStrike Identity Protection)
- Cloud security experience (e.g., CloudTrail/GuardDuty, Azure Defender/M365, GCP Security Command Center)
- Relevant certifications (Security+, CySA+, SSCP; Microsoft SC-200/AZ-500; Splunk Core/Enterprise Security certifications; GIAC certifications)