Cyber Systems Administrator 2 with Security Clearance
ASD · Tampa, FL · 1 wk ago
Information TechnologyFull-time
Essential Duties
- Utilize your experience with a Security Information and Event Management (SIEM) tool. Splunk is preferred, but experience with an equivalent SIEM would be acceptable.
- Create and optimize complex Splunk queries to extract, analyze, and visualize security data from diverse sources.
- Develop and implement Splunk queries to generate actionable insights for proactive threat detection and response.
- Design Splunk Dashboards and Reports:
- Design user-friendly Splunk dashboards and reports tailored to different stakeholders, such as security operations teams, management, and auditors.
- Provide real-time visibility into security events, trends, and key performance indicators.
- Configure and Maintain Splunk Infrastructure:
- Configure and fine-tune Splunk deployments, including data inputs, data parsing, field extractions, and data enrichment pipelines.
- Ensure the continuous availability and optimal performance of Splunk indexes, search heads, and forwarders.
- Utilize Splunk Enterprise Security:
- Develop and implement security use cases, correlation searches, and notable events for threat detection and analysis.
- Monitor security-related alerts and incidents to identify and prioritize security threats.
- Utilize Trellix/Endpoint Security Solutions (ESS), formerly Host Based Security System (HBSS) to detect and counter known threats.
- Create and optimize complex Splunk queries to extract, analyze, and visualize security data from diverse sources.
- Collaborate with Cross-Functional Teams:
- Collaborate with cross-functional teams, including IT, network, and application teams, to integrate Splunk with various platforms and systems.
- Provide technical expertise in advising security on best practices and designing effective security controls.
- Investigate Security Incidents:
- Conduct in-depth investigations into security incidents, anomalies, and breaches using Splunk's forensic capabilities.
- Perform root cause analysis, incident triage, and post-incident reviews to identify gaps in security controls and recommend remediation actions.
- Documentation and Reporting:
- Document Splunk configuration, operational procedures, and security findings.
- Prepare comprehensive reports detailing security events, trends, and mitigation strategies.
- Communicate technical information effectively to non-technical stakeholders.
- Stay current with Industry Trends:
- Stay abreast of the latest cybersecurity threats, vulnerabilities, and industry best practices.
- Continuously enhance your knowledge of Splunk features and capabilities through self-study, professional training, and certifications.
Basic Qualifications for Cybersecurity Analyst
- Bachelor’s degree with 2 years of experience
- U.S. Citizenship required
- A current/active DoD TS/SCI clearance
- Must possess DoD 8570 Certification for IAT Level II or higher prior to start date.
- Experience with a Security Information and Event Management (SIEM) tool.
- Ability to collaborate with other teams to investigate security incidents and provide insights for improving security posture.
- Working knowledge of network security controls such as routers, switches, firewalls and network access controls.
- Working Knowledge of Linux and Windows Operating Systems.
- Knowledge of vulnerabilities, threat detection, encryption, and security audits.
- Must be willing to work a Panama schedule that includes working 12-hour shifts.