Job Description
Key Responsibilities Monitor and analyze security events and alerts from multiple sources, including security information and event management Security Information & Event Management (SIEM) software, network and host-based intrusion detection systems, firewall logs, and system logs (Windows, Linux, and Unix), and databases Design, develop, and maintain custom Splunk dashboards aligned with SOC and stakeholder requirements Design and implement automation workflows, integrating Splunk with ServiceNow for incident management and response Support and employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness). Develop and optimize SPL queries, correlation searches, and detection use cases within Splunk Enterprise Security (ES) Support incident response activities, including log analysis, event correlation, and forensic investigation Separate true threats from false positives using network and log analysis and escalate possible intrusions and attacks Conduct root cause analysis (RCA) and produce technical reports and after-action documentation Develop integrations using APIs, scripting (Python/PowerShell), and webhooks across security and IT systems Ensure compliance with federal cybersecurity frameworks such as NIST SP 800-53, NIST 800-61, and CISA CDM Optimize Splunk performance, data ingestion, and system scalability Provide technical leadership and mentorship to SOC analysts and junior engineers Work within a team of diverse individuals and cross-functional teams to solve unique and complex problems with broad impact for client services and business. Provide clear, daily updates to management on security incidents; Investigate, document, and report on forensic investigations Provide daily updates to management concerning assigned or progressive security projects. Basic Qualifications Excellent teamwork and interpersonal skills Experience with intrusion detection/prevention systems and SIEM software Ability to analyze event logs and recognize signs of cyber intrusions/attacks Ability to handle high pressure situations in a productive and professional manner Strong written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language Experience with security frameworks (i.e., Mitre Attack, Cyber Kill Chain, etc.) Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, or related areas Familiarity with but not limited to: Vulnerability Management (VM), Assessment and Authorization (A&A) process, Risk Management Framework (RMF) 2+ years of hands-on SOC/TOC/NOC experience GCIA, GCIH, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred Understanding of programming/scripting languages and ability to run database queries Minimum bachelor’s degree in information security, Computer Science, or 8 years’ related experience Ability to work at the client’s site in Rockville, MD with limited telework/remote work options Strong knowledge of the following Security Information & Event Management (SIEM) Secure Sockets Layer (SSL) Decryption / Transport Layer Security (TLS) Decryption Experience with Foreign Travel Threats and Vectors. Malware Detection, Endpoint Detection and Response (EDR) Packet Analysis with Network Monitoring Tools & a deep understanding of network protocols and devices. Mac OS, Windows, and Unix/Linux systems Email Security Data Loss Prevention (DLP) Anti-Virus: Microsoft Defender for Endpoint (MDE), Microsoft Defender Antivirus (MDAV)