GovServicesHub - Developer

Developer
💰 Negotiable
📍 Dallas, United States
Twine Jobs Twine
Based in Manchester, United Kingdom

Developer is needed in Dallas, United States.

Client: GovServicesHub

Location: Dallas, TX, US

Contract: Freelance

Job Description

Role: Splunk SME

Location: Dallas, TX (Remote)

• 5+ years of experience in the IT industry with strong technical knowledge of AWS infrastructure and security services (EC2, ELB, GuardDuty, Config, Inspector, Security Hub, RDS, Route53, S3, VPC, VPN, TGW, CloudWatch, CloudTrail, EventBridge, etc.).

• Hands-on experience in Terraform IaC deployments and ability to implement security automation.

• Strong experience working on enterprise security solutions such as WAF, IPS, DDoS, and SIEM.

• Good technical experience managing products like Splunk Enterprise Security, Tenable Nessus, Palo Alto firewall, Cortex XSOAR.

• Good understanding of security controls related to regulatory requirements, such as NIST, PCI, ISO 27001, HIPAA compliance, etc.

• Architecture certification (Google, Amazon, Azure) from a major cloud platform.

• Information Security Certification is a plus: ISO 27001, CISSP or CISM or other equivalent.

• Experience working on FedRAMP-compliant projects is a plus.

Requirements

Splunk Skillset Requirements:

• Strong hands-on working experience in Splunk Installation and UNIX management, Splunk architecture and components including search heads, indexers, and forwarders.

• Installed, configured, and maintained Splunk Add-ons and Apps such as but not limited to: Splunk Add-On for AWS, Splunk Add-On for Windows, and Google Workspace for Splunk.

• Creation of new dashboards, reports, or analytics.

• Managed a clustered environment with multiple indexers and search heads.

• Administered both Splunk Enterprise and Splunk Enterprise Security.

• Worked closely with various Security and Platform Engineering teams to onboard new data from various sources.

• Creation of new alerts, custom rules.

• Maintaining the security of Splunk and its related components and indexes.

• Maintaining current patch levels for all Splunk components – including the Linux host OS patching and upgrading.

• Performing major version upgrades – including the Linux host OS, Splunk components as necessary.

• Troubleshooting and resolving Splunk issues as necessary. Candidates with Splunk Enterprise Security Certified Admin or Splunk Certified Cybersecurity Defense Analyst certification will be preferred.

XSOAR Skillset Requirements:

• Experience in XSOAR with the ability to configure existing and/or create new Incident Types, Incident Fields, Classifications & Mappings.

• Ability to build new or modify existing Playbooks, including implementation of Generic Polling and similar tasks.

• Ability to configure and manage Threat Intelligence Management (TIM) features in XSOAR.

Palo Certified Security Automation Engineer (PCSAE) preferred.

Additional Information

None

Posted 6 months ago

No longer accepting applications
