Splunk Engineer at Zen Strategics Llc

About Zen:  

This is the ABOUT ZEN - Here is a new paragraph that should be on every job posting Own your opportunity to work with a client-focused growing agile small business. Make an impact by advancing our government organizations charged with keeping our country safe, prosperous, and secure. Zen Strategics LLC is a cleared, niche consulting firm, offering innovative Cybersecurity, Cloud/DevSecOps, Information Data Management and Modernization solutions. We are a leading organization committed to delivering innovative solutions and ensuring the highest standards of security for our customers' infrastructure assets. We are dedicated to staying ahead of evolving cyber threats and protecting our clients' data leveraging cutting-edge technologies (to include AI/ML) and proactive security measures.  

Position Description:?

The Candidate shall assess, architect, implement, deploy, and operate solutions for capturing security relevant information (e.g. log data, Active Directory data), and analyzing it to identify markers, patterns, and anomalies that indicate intrusions, lateral movement, command and control, data exfiltration, or other security issues. The Contractor shall operate the USCIS Security Information and Event Management (SIEM) tool and work collaboratively with development and operational teams to set and implement standards for logging. The system currently in use is Splunk Enterprise.

Responsibilities:?

Essential

· Provide DevSecOps support for a multi-data center, multi-cloud, multi-region log management system. This support includes but is not limited to user account and access management, server management, monitoring, and patching, Splunk data management, Splunk version upgrades, installation & maintenance of Splunk applications and add-ons.

· Improve log coverage and quality. This includes:

o Reconciling records of log sources in Splunk with other asset management data to identify assets whose logs are not in Splunk

o Establishing specific logging standards for commonly used software applications and monitoring compliance with the standards

o Auditing log content and quality for custom developed USCIS applications

o Automating the production of documentation of the log sources in each Splunk index.

· Provide DevSecOps support to deploy visualization, analysis, analytics, and anomaly detection capabilities. As directed by the government, the Contractor shall:

o Evaluate, deploy, and operate visualization, security analysis, and anomaly detection capabilities.

o Operate, maintain and improve Exabeam Threat Hunter or other User Behavioral Analytics Solution

o Implement machine learning to improve existing anomaly detection and analysis capabilities

o Develop and deploy custom dashboards and visualizations or modify existing ones

· Use Agile tools such as JIRA, Confluence and MS Teams to provide transparency and allow information to be visible in real time and to create a unified backlog ensuring visibility into all areas of work and identifying inter-dependencies between teams.

Required Education/Qualifications

· Education: Bachelor’s in computer science

· Experience:

· Five years of experience in IT systems administration and two years of specialized experience in implementing enterprise security products and solutions.

· Two years of Linux systems administration experience.

· At least two years prior proficient experience operating a mid-size Splunk cluster or one year’s experience and Splunk certification or other comparable certifications or experience, which must be approved in advance by the Government Program Manager on a case-by-case basis.

· Possess superior technical aptitude, effective written and verbal communications skills.

· Experience with MS Office Suite, JIRA and Confluence & Familiarity with ITIL, DevSecOps and Agile concepts

· Familiarity with the following (one or more):

o Python

o Cribl

o Sumo Logic

o GitHub

o AWS, Azure, Google Cloud

Desired Certifications (one or more):

· Splunk Architect

· Splunk Admin

· Splunk Power User

· Security +

· Cribl Admin

Security Clearance Requirements:

· U.S. Citizen with the ability to obtain Public Trust and complete DHS Security Clearance

· Ability to obtain DHS EOD suitability

· Current DHS EOD highly preferred

Zen Serenity:

· 401K with company match

· Comprehensive health and wellness packages

· Professional growth opportunities include Tuition Reimbursement.

· Cutting-edge technology you can learn from

· Rest and recharge with paid time off (PTO) and holidays