Splunk Engineer
The Judge Group Inc.

Washington, District of Columbia

Location: Washington, DC
Description: The Judge Group is currently seeking a Splunk Engineer to support a new Insider Threat Program. For immediate consideration, please email your resume to rkissinger@judge.com.
- Robbie Kissinger

We are seeking a Splunk expert to support our client's Insider Threat Program Team. This requires hands-on technical development of content and dashboards in Splunk. Candidates must be comfortable working in a dynamic and fast-paced operational environment.

The Candidate should have proven experience with Splunk, and leveraging the platform for insider threat program needs. This includes ensuring the maintenance and advancement of existing dashboards and driving development of new ones. At a minimum, a fundamental understanding of Splunk Enterprise Security is essential. A fundamental understanding of the Splunk Machine Learning Toolkit would be beneficial.

Responsibilities include, but are not limited to, the following:

•Develop Insider Threat dashboards

•Help develop detections and baselines supporting the Insider Threat mission

•Develop integrations between data sets to identify indicators

The role would help research and analyze known, suspected, or potential insider threats and vulnerabilities. Drives, implements, and manages dashboards in order to rapidly identify and respond to threats and anomalies.

Experience using Behavior Analytics and other tools to determine potential malicious or risky activity (e.g.: email, DLP logs, firewalls). Ability to assess and make recommendations for improvement and refinement of dashboards and use cases to improve the insider threat program. Document possible gaps in information.

Job Responsibilities

•Dashboard development for the Insider Threat Program team to identify indicators of potential insider risks in order to discern patterns of complex behavior, and provide an accurate understanding of present and future indicators.

•Possibly provide additional development of dashboards for other internal teams.

Basic Qualifications:

•Deep familiarity with Splunk

•2-5 years of experience and proficiency with Splunk to include creation of custom content (i.e. Reports, Dashboards, Alerts) specific to Insider Threat

•Demonstrated understanding of Splunk Applications and information sets that support insider threat programs (ML Toolkit, Enterprise Security, UBA, Phantom, DLP tools)

•Understanding of Insider Threat activity, modeling, and knowledge of attackers.

•Experience with Insider Threat modeling events in logs and traffic.

•Experience documenting incident cases and participating in lessons learned meetings.

•Skilled in working effectively across a multiple teams

•Must be able to operate under tight deadlines applying new techniques

Desired/Preferred Skills:

•Based out of National Capital Region (Washington, DC or Northern Virginia)

•Experience in insider threat detection, intelligence or counterintelligence with an understanding of the tactics, techniques and procedures for insider threats.

•Ability to obtain and maintain appropriate DOD security clearance

•Hands on experience in dealing with security issues facing enterprises including economic espionage and insider threats

•An understanding of commonly used targeted Insider Threat and Data Exfiltration techniques, tactics, and procedures.

•Hands on experience with investigative and/or insider threat tools, such as UBA, DLP, Computer Forensics, Monitoring, Splunk, Incident Response, Databases, or data visualization tools

•Foundational knowledge in conducting complex investigations with an Insider Threat emphasis

Contact: rkissinger@judge.com

This job and many more are available through The Judge Group. Find us on the web at www.judge.com

Job Alerts

Provide an email, zip code for jobs, and/or job category to subscribe to job alerts. Learn more now.

*By subscribing, you agree to our Terms and Privacy Policy.

More IT jobs

Nashville, Tennessee
Posted about 1 hour ago
Broomfield, Colorado
Posted about 1 hour ago
Columbus, Ohio
Posted about 1 hour ago
View IT jobs »

New post from our employment blog

Share this inclusion job with the community

Click a community link below, and then social share the Splunk Engineer job.

Disability inclusion jobs logo
Asian inclusion jobs logo
Black inclusion jobs logo
Diversity inclusion jobs logo
LGBTQ inclusion jobs logo
Seniors inclusion jobs logo
Women inclusion jobs logo
Hispanic inclusion jobs logo