You will be part of the team responsible for the management of Raytheon’s enterprise SIEM. In addition to handling the day-to-day administration of the system, you’ll work closely with our SOC and incident response teams to identify ways to improve security event analysis, work with system owners to onboard new data sources, develop new detection signatures, and use your expertise in scripting to integrate new capabilities.
• Minimum 6+ years of experience working in IT and/or Cyber Security and a bachelor’s degree or equivalent combination of work experience and schooling/certifications in lieu of degree.
• Experience administering Splunk clustered environments.
• Experience building and administering Linux based systems.
• Ability to independently lead projects with minimal direction from leadership.
• Familiarity with tstats, data modelling, search optimization, and dashboarding.
• Proficiency with software development / scripting in Python.
• Understanding of TCP/IP and basic principles of networking (routing and switching).
• Understanding of cyber security concepts.
• Aptitude for troubleshooting, creative thinking, and problem solving.
• Available to participate in a 24/7 on-call rotation.
• This position requires the eligibility to obtain a U.S. security clearance. Except in rare circumstances, only U.S. citizens are eligible for a security clearance.
This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
Desired Skills:
• Experience with Splunk Enterprise Security.
• Working knowledge of relational databases.
• Experience with configuration automation/orchestration tools (Ansible, Chef, Puppet).
• Experience using Version Control Systems in a team environment (Git, SVN).
• Understanding of SDLC methodologies, especially Agile.
• Experience with syslog, rsyslog, or syslog-ng.
• Experience with public cloud platforms (AWS, Azure, GCP).
• Experience writing and maintaining detection rules for SIEM.
• Experience working on a Computer Incident Response Team (CIRT).
• Previous experience working in a Security Operations Center (SOC).
• Experience with security log analysis.
• Information Security and IT certifications: Splunk, GIAC, CISSP, Cisco, Red Hat, AWS, etc.
Bachelor’s degree in Information Technology, Computer Science, Computer Engineering, Cyber, Mathematics or related discipline or equivalent combination of work experience and schooling/certifications in lieu of degree.
Your main responsibilities will include:
• Proactively monitor the service for performance and other issues, and address them in a timely manner while adhering to a strict change management process.
• Perform advanced network analysis, problem identification and solution design.
• Interface with end users to assist with collecting logs into the SIEM.
• Interface with members of Cyber Threat Operations to improve threat detection capabilities.
• Perform system administration and maintenance on local or remote devices.
• Write extractions and parsers for new log sources, and normalize them for data modeling.
• Lead projects to patch, upgrade, and extend the platform.
• Develop custom commands and integrations in Python.
• Develop and tune SIEM detection rules.
• Be physically available to support onsite work in both lab and production environments, including prompt emergency work.
• Participate in a 24/7 on-call rotation.