Edgewater Federal Solutions - Bethesda, MD

posted 3 months ago

Full-time - Mid Level
Bethesda, MD
Professional, Scientific, and Technical Services

About the position

Edgewater is seeking a Splunk User and Entity Behavior (UBA) Engineer to support the Security Program Support Services team of the National Institute of Health (NIH). In this role, you will be part of a Cyber Security Ops organization that is dedicated to supporting a leading federal healthcare client. As a Splunk UBA Engineer, your primary responsibility will be to maintain and operate the Splunk application monitoring tool, which is integral to the client’s Cybersecurity network and application audit and monitoring program within the Threat Monitoring and Incident Response (TMIR) team. You will apply strategic, operational, and tactical cyber intelligence to enhance security operations and lead or support efforts to prepare for, monitor, detect, analyze, confirm, contain, remediate, and recover from security incidents. Your role will also involve developing and implementing actionable alerts and workflows for Splunk as a CISO monitoring tool, as well as creating apps and knowledge objects such as dashboards, reports, and data models. You will provide analyst training and workshops on using Splunk, and work on developing and implementing automation and efficiencies within the platform. Communication with customer stakeholders, including leadership, support teams, and system administrators, will be essential. You will conduct deep analysis and hunting operations, configure incident response and remediation workflows, and perform technical writing and documentation tasks such as creating reports, training materials, and architecture diagrams. Building excellent relationships with prospects, clients, and internal team members is crucial, as you will co-lead client calls and communications, including the development of presentations, status reports, and requirements documents. The position requires a strong ability to take direction and achieve quality results, with a focus on personal excellence in task completion.

Responsibilities

  • Maintain and operate Splunk application monitoring tool as part of the client Cybersecurity network and application audit and monitoring program within the Threat Monitoring and Incident Response (TMIR) team.
  • Apply strategic, operational, and tactical cyber intelligence to improve security operations.
  • Lead and/or support efforts to prepare for, monitor, detect, analyze/confirm, contain, remediate, and recover from security incidents.
  • Develop and implement actionable alerts and workflows for Splunk as a CISO monitoring tool.
  • Develop and implement apps and knowledge objects (KO) such as dashboards, reports, and data models.
  • Provide Analyst training and workshops on using Splunk.
  • Develop and implement automation and efficiencies with Splunk.
  • Communicate with customer stakeholders to include leadership, support teams, and system administrators.
  • Conduct deep analysis and hunting operations.
  • Configure incident response and remediation workflows for ES.
  • Perform TMIR technical writing and creation of formal documentation such as reports, training material, and architecture diagrams.
  • Develop and build excellent relationships with prospects, clients, and internal team members.
  • Co-lead client calls and communications including the development of presentations, status reports, and requirements documents.
  • Ability to take direction and achieve quality results, independently strive for personal excellence when completing tasks.

Requirements

  • BS/BA degree in information technology and 12 or more years of work experience in information technology.
  • In lieu of a degree, relevant experience is applicable.
  • U.S. Citizenship is required per contract to obtain and maintain a U.S. security clearance.
  • Experience in a rapid paced, time sensitive, high-quality environment.
  • At least 5 years of strong problem-solving capabilities and the ability to effectively communicate solutions.
  • One or more certifications in information security (such as GCIA, GCIH, CEH, CISSP, SSCP, Sec+, etc).
  • Sound cyber security knowledge foundation, including a strong understanding of adversary TTPs and network and host security.
  • At least 5 years of Splunk and SIEM experience.
  • At least 3 years of Trend spotting, identifying intelligence knowledge gaps, and performing analysis on threat data.
  • High technical ability/aptitude, demonstrated through prior technical experience and accomplishment.
  • At least 3 years of Endpoint/host forensics experience.
  • Excellent verbal, written, and interpersonal skills (command of English language).
  • Strong written and verbal skills to effectively communicate at all levels in government and industry.
  • Exceptionally self-motivated, directed, and detail oriented.
  • Must be able to learn, understand and apply new technologies.
  • Excellent organizational, analytical and problem-solving abilities.
  • Working knowledge of Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, and Point).
  • At least 3 years of Experience in a rapid paced, time sensitive, high-quality environment.
  • History of ethical performance.
  • Exhibit considerable client delivery, business development, and proposal development experience.
  • Strong management, teamwork, and interpersonal skills against difficult due dates and timelines. Strong customer service focus to meet the needs of internal and external customers.
  • Professional, pleasant, and polished demeanor.
  • Ability to work collaboratively with others.
  • Ability to maintain confidentiality of sensitive information within and external to Edgewater, using own judgment.
  • Strong eye for small details that make a difference.

Nice-to-haves

  • Ten or more years of cyber security work experience in Threat Hunting, Splunk Content Development, and Incident Response.
  • Active Public Trust clearance.
  • Experience and effective participation in hunt, computer network defense, real-time analysis and incident response activities, to include ability to reconstruct events from network, endpoint, and log data.
  • Experience and understanding of host-based/endpoint protection systems.