Leidos is seeking a Cyber Network Defense (CND) Splunk SME (Subject Matter Expert) to perform technical work as part of an integrated team of CND SMEs supporting the DoD's JRSS (Joint Regional Security Stack) deployment activities. JRSS is a multi-year, global effort to improve the DoD's security posture and provide enhanced security capabilities and analytics by centralizing and virtualizing network security into regional stacks rather than locally distributed appliances. This position is responsible for providing configuration, implementation, configuration and ongoing performance enhancement work for Splunk appliances installed in the JRSS environment.
Candidate will work as part of a multi-disciplinary team that supports the active and passive Computer Network Defense (CND) tools deployed in stacks. Must be able to integrate with other technical teams, with DISA personnel, with vendor technical support personnel, and with technical representatives from DoD services, working as part of an integrated, cross-platform team that provides CND capability, and military base/post/camp/station migration support services DoD-wide as the JRSS stacks are deployed and used.
The candidate will support Splunk tools deployed in stacks and will assist with initial configuration, troubleshooting, support and project management. Candidate should have extensive CND architectural design experience as well as significant hands-on experience with Splunk.
The successful candidate will be able to do the following:
- Onboard Splunk ES critical data sources - ingestion of critical data sources/data logs from the enterprise into the SIEM (Security Information Event Management) tool to meet the Splunk ES (Enterprise Security) implementation
- Normalize Log Data to CIM (Common Information Model) as required by Splunk ES (Enterprise Security) to meet the provided security use cases (Rules/Alerts)
- Create viewable Splunk dashboards to provide visibility into ingested log data
- Create alerts that trigger/activate on configured setting to deploy or sends a note/email/attachments to a particulate destination email or groups
- Create security rules (alerts) that trigger on anomalous activities or threat detections
- Splunk Support - Assisting Customers with any issues when ingestion of logs that are not working properly. Or, communication issues with Splunk.
- Resolve Splunk infrastructure or system issues.
- Bachelor's degree from an accredited college in a related discipline, or equivalent experience/combined education, with 12 or more years' experience; or 10 years' experience with a related Master's degree or equivalent work experience.
- To be a successful fit to this assignment, you should be well versed in TCP/IP communications.
- Have a general knowledge of router and firewall functionality on a network.
- Familiar with the MS Office tool suite.
- Excellent written and oral communications skills and be able to appropriately present highly technical material to both technical and non-technical audiences
- Per contract requirements, U.S. citizenship and an active DoD Secret clearance is required. In addition, you must be able to successfully obtain up to Top Secret based on requirements from the customer and program.
- DoD 8570 IAT2 certification is required
- Prior experience as a network intrusion analyst or Security Operations Center analyst.
- Experience with one or more of the other CND tools in the JRSS cyber suite:
- Fidelis DLP and MDE
- Tipping Point
External Referral Eligible