Splunk Enterprise Security Engineer - XOR Security, Herndon, Virginia, United States

Listing Description

Flexible to allow fully remote work, but may require periodic onsite visits at customer request (ad hoc) - Herndon, VA


XOR Security is seeking a Splunk Enterprise Security Engineer to support IT Security Staff (ITSS) with developing and administering a Splunk Enterprise Security SIEM solution. The ITSS within OCIO manages the enterprise IT security program for the Institution. ITSS works closely with IT staff and other personnel from throughout the Institution on IT security initiatives and processes. ITSS consists of the Security Operations Center (SOC), Systems Risk Management (SRM), PCI Compliance, and Security Architecture & Engineering. The Splunk ES Security Engineer will support the Splunk Enterprise Security (ES) security information and event management (SIEM) capabilities.


Duties:

  • Develop and administer SOC’s Splunk ES risk-based analysis dashboard.

  • Analyze attack vectors and methods in order to develop custom Splunk ES SIEM signatures or detections.

  • Participate in SI testing exercises.

  • Provide and implement recommendations to improve Splunk ES detections.

  • Monitor sources for threat intelligence and configure Splunk ES to detect indicators of compromise (IOCs). Configure and optimize Splunk ES threat intelligence framework.

  • Review past SI Red and Purple Team exercise findings and develop reliable, efficient Splunk queries that will feed custom alerts and dashboards. Develop and deploy detections using various SI data sources, including but not limited to endpoints, web applications, authentication mechanisms, security tools, and network devices. Analyze SI data sources and provide recommendations to improve them in order to develop Splunk ES SIEM signatures or detections.

  • Lead the SOC incident response team's threat hunting and incident response activities.

  • Build and integrate contextual data into the notable events and workflow within Splunk Enterprise Security Suite.

  • Engage application and infrastructure teams to establish best practices for utilizing Splunk data and visualizations.

  • Provide mentoring and coaching to team members and other infrastructure resources.

  • Assist users of Splunk in designing and maintaining production-quality searches, dashboards and alerts.

  • Provide timely response to audit requests.

  • Develop good working relationships with customers and other stakeholders, and provide advice and assistance to stakeholders on Splunk related issues.

  • Collaborate with Smithsonian Splunk colleagues on the planning and implementation of enhancements to the Splunk environment.


Required qualifications:

  • 8 years of technical experience

  • Bachelor's degree (preferred)

  • Experience with development of the Splunk Enterprise Security application specifically for SIEM capabilities.

  • Ability to develop custom queries and monitoring capabilities based on threat intelligence.

  • Experience with the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework.

  • Experience configuring custom Splunk searches and applications required.

  • Experience with analyzing attack vectors and methods in order to develop Splunk ES SIEM signatures or detections.

  • Ability to work independently and with other teams.

  • Good writing, interpersonal and communication skills.


Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation, and supplemental insurance benefits.


XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.


Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.
Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided