The Tatitlek - UNAVAILABLE, DC
posted 3 days ago
- Senior
UNAVAILABLE, DC
Educational Services
About the position
The cybersecurity architect is responsible for managing all aspects of the SIEM to include operations and maintenance for all lookup files, integrating security feeds, developing the alerting framework, developing the risk framework and the orchestration of all security devices. The role is also responsible for ensuring that data quality.
Responsibilities
- Installing or updating Security Incident & Event Management (SIEM) and Security Orchestration and Automated Response (SOAR) applications.
- Conduct development efforts to include queries to retrieve data, dashboards or alerts.
- Develop automated integration via Application Programming Interface (API) with other judiciary security devices to monitor security feeds to ensure they are appropriately populating events.
- Ensure that all new dataflows are appropriately modeled to their appropriate Common Information Model.
- Develop and maintain a QA framework that identifies large changes in data quality within the SIEM.
- Manage and improve the SIEM frameworks including Notable Event, Threat Intelligence, the Risk Based Alerting, and Assets & Identity.
Requirements
- Must have a minimum of 7 years of experience in managing and architecting a large Splunk environment.
- Must have a detailed understanding of and at least 3 years of experience with Splunk Enterprise Security frameworks including: notable event, threat intelligence, risk, assets & identities.
- Must have at least 3 years of experience and extensive working knowledge of the Common Information Model (CIM).
- Must have a detailed understanding of all Splunk back-end configuration files.
- Must be proficient in Python programming.
- Experience developing system interconnects via API to include data exchange via XML and JSON.
Benefits
- As a condition of employment, must pass a pre-employment drug screening, as well as have acceptable reference and background check results.
