Cybersecurity Architect (Splunk)

JOB TITLE: CYBERSECURITY ARCHITECT (SPLUNK) LOCATION: MORRISVILLE, NC RATE RANGE: 80.00-85.00 PER HOUR JOB: 47337-1 Required skills: • Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool • Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models • Work with the Splunk Architect/Admin to promote private KO to Global KO • Assist, and/or train CISO Splunk Engineering team on Data Lifecycle Support • Assist, train, and/or host workshops CISO teams and analysts on Searching and Content Development • Develop and implement automation to improve efficiency of CISO workflows using Splunk • Assist in development of advanced security use cases in Splunk • Develop risk rules and risk incident rules to correlate and alert to significant cyber events. • Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression. • Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted) • Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting • Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers. • Understanding of network protocols, operating systems, applications, and device event telemetry • Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills. • Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc), endpoint defense tools (EDR, anti-malware) a plus • Experience with SAAS- or cloud-hosted Splunk implementation a plus. JOB DESCRIPTION: Experience implementing dynamic detections, integrating alerting platforms with, but no limited to, Tanium, SEP, Microsoft Defender for endpoint, Sysmon, Microsoft O365 Security alerting, Analyst1, VDI, VMware, Linux Audit logging in conjunction with the advanced Risk-Based Alerting (RBA) security framework. In addition, the applicant would be responsible for tuning and configuration of Splunk Core and Splunk Enterprise Security (ES) services, develop use cases with CISO end users to build content and assist in developing advanced security use cases. Participate in requirements gathering, solutions architecting, design and build of technology solutions to support Continuous Monitoring Program. Assist, train, and host workshops for CISO teams. Support off-hours and weekend efforts for incident investigations and systems maintenance. EDUCATION: Bachelor's degree in Business, Engineering, Management Sciences, Computer Science, Information Systems, Social Science, Education, Human Resources Development, and Psychology or other related disciplines and twelve to fifteen years of experience or Master's degree and ten to twelve years of related experience or PhD and eight to nine years of related experience. CERTIFICATIONS: (One or more required) -CompTIA Security -CPTE - Certified Penetration Testing Engineer or CEH - Certified Ethical Hacker -CISA - Certified Information Systems Auditor CISSP CISSP-ISSEP CISSP-ISSAP CISSP-ISSMP preferred Equal Opportunity Employer Veterans/Disabled While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions.