Niksoft Systems
Splunk Solutions Engineer/Architect
Niksoft Systems, Falls Church, Virginia, 22042
Job Location: Morrisville, NC; Falls Church, VA; Eagan, MN; remote considered Overview: NikSoft Systems Corporation is a recognized Information Technology solutions provider. Founded in 1998 and based in Reston, Virginia, NikSoft is a CMMI Level 3 Certified company with an established reputation for excellence and on-time delivery with a consistently high customer satisfaction rating from its Federal Government and private consulting contracts. NikSoft is currently conducting a search for a Splunk Service Engineer/Architect to add to its cybersecurity team in support of the United States Postal Service. The successful candidate will experience an unparalleled large-scale hybrid-cloud environment with over 800 IT systems generating millions of digital transactions in support of a diverse user base spread across the entire US. Join the NikSoft team to scale your career to the next level. Responsibilities: Experience implementing dynamic detections, integrating alerting platforms with, but no limited to, Tanium, SEP, Microsoft Defender for endpoint, Sysmon, Microsoft O365 Security alerting, Analyst1, VDI, VMware, Linux Audit logging in conjunction with the advanced Risk-Based Alerting (RBA) security framework. In addition, the applicant would be responsible for tuning and configuration of Splunk Core and Splunk Enterprise Security (ES) services, develop use cases with CISO end users to build content and assist in developing advanced security use cases. Participate in requirements gathering, solutions architecting, design and build of technology solutions to support Continuous Monitoring Program. Assist, train, and host workshops for CISO teams. Support off-hours and weekend efforts for incident investigations and systems maintenance. Required skills: Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models Work with the Splunk Architect/Admin to promote private KO to Global KO Assist, and/or train CISO Splunk Engineering team on Data Lifecycle Support Assist, train, and/or host workshops CISO teams and analysts on Searching and Content Development Develop and implement automation to improve efficiency of CISO workflows using Splunk Assist in development of advanced security use cases in Splunk Develop risk rules and risk incident rules to correlate and alert to significant cyber events. Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression. Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted) Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers. Understanding of network protocols, operating systems, applications, and device event telemetry Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills. Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc.), endpoint defense tools (EDR, anti-malware) a plus Experience with SAAS- or cloud-hosted Splunk implementation a plus. Required Qualifications: Bachelor's degree in Computer Science, Information Technology or related field. 4 years of experience working with Splunk and performing tasks described above. Thorough knowledge of data flow, client server and web-based systems, problem analysis and systems tuning; adept with network interfaces and technologies. 10 years of relevant experience in the cybersecurity domain. Strong communication skills in dealing with various stakeholders (technical and functional). US Citizenship or Green Card, with US based residency for at least the past 5 years to qualify for the USPS sensitive security clearance.