SplunkInformation Security Engineer

Sacramento, CA, United States

Benefits:

401(k)

401(k) matching

Competitive salary

Dental insurance

Flexible schedule

Health insurance

Opportunity for advancement

Paid time off

Relocation bonus

Training & development

Title: Splunk/Information Security Engineer Location: Sacramento, CA Clearance: Secret and above

Position Responsibilities: Responsible for using current information security technology disciplines and practices to ensure the confidentiality, integrity and availability of corporate information assets in accordance with established standards and procedures. Develops and maintains knowledgebase on changing regulatory threats, and technology landscapes to continually develop or maintain security policies and standards, and ensure compliance throughout the organization. Provide computer network defense and information assurance for DMEA unclassified and classified secret IT networks to ensure confidentiality, integrity, and availability of DMEA information systems. Support, monitor, and provide analysis for all aspects of perimeter security including but not limited to Firewall and Intrusion Detection System (IDS)/Intrusion Prevention System (IPS). Support, maintain, patch, and update gateway e-mail security systems and encryption systems. Support, maintain, patch, and update antivirus and host-based security servers and client software. Administer, support, maintain, patch, and update web proxy and associated systems. Utilize all available monitoring systems to provide computer network defense. Provide Information Assurance (IA) support. At a minimum, the Information Security Engineer – Senior will be required to perform the following tasks:

Design, install, configure, manage, and monitor large distributed/clustered Splunk Enterprise on-site and cloud-based implementations; Create customized DashBoards to comply with Security Controls.

Maintain existing and when required create new SOPs in support of this objective. SOPs shall be in compliance with DoD 8530.01M and current CND evaluators scoring matrix (currently ESM v9).

Continuously monitor (ConMon) information systems

Ensure all security incidents are identified and handled within established CND SLAs and follows the DMEA Incident Handling Plan and CSSP Incident Handling Plan procedures.

Manage internal and perimeter firewalls and IDS/IPS.

Review and monitor firewall rules for networks at DMEA, identify issues and deficiencies, make corrections and advise management of possible incidents.

Monitor and maintain policies on DMEA Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), including Wireless IDS.

Provide packet capture analysis as needed using various tools such as WireShark network protocol analyzer.

Provide response and support for customer requests for temporary firewall rules and firewall, IDS, and IPS-related issues.

Support, monitor, configure, and manage remote client VPN solutions.

Track and maintain lists of open ports via the DoD Ports, Protocols, and Services Management registry.

Support, maintain, and patch all associated cyber security systems including but not limited to Linux and Windows-based operating systems managed by DMEA.

Review and configure system security posture IAW DISA STIG requirements and industry security best practices for system hardening.

Review and monitor gateway e-mail security systems for networks at DMEA, identify issues and deficiencies, make corrections and advise management and federal leads of possible incidents, inappropriate use, and malicious domains.

Monitor threat intelligence feeds for the latest email-borne threats.

Identify email-based threats and malicious emails, and be able to write custom signatures to identify/alert/block email threats.

Update Antivirus software supporting email security systems.

Provide response and support for customer requests to release valid e-mails and other e-mail security issues.

Support, maintain, and patch all associated cyber security systems including but not limited to Linux and Windows-based operating systems managed by DMEA.

Review and configure system security posture IAW DISA STIG requirements and industry security best practices for system hardening.

Provide system administration, review and monitor host-based security system server and host systems for networks at DMEA, identify issues and deficiencies, make corrections, and advise management and federal leads of possible incidents and malicious activity.

Provide response and support for host-based security system software and virus incidents, address customer issues, and take corrective action to clean viruses and malicious software from affected systems.

Provide host-based security system support to system administrators during troubleshooting efforts.

Ensure compliance with DoD requirements as they pertain to host-based security systems.

Review and monitor web content servers and systems, identify issues and deficiencies, collect and review information on malicious sites and update block lists, make corrections, and advise management and federal leads of possible incidents, malicious activity, and inappropriate use.

Response and support to address customer issues related to blocked websites.

Coordinate with DMEA and CSSP firewall personnel to set up IP blocks for malicious activity that warrants further action.

Perform scans and analysis of servers, workstations, routers, switches, and all other devices connected to DMEA networks for compliance with federal, DOD, and USCYBERCOM requirements.

Provide vulnerability reports to DMEA and CSSP as required to include current vulnerability reports and historical trends.

Track and monitor IA Workforce Improvement Program (IAWIP) compliance.

Maintain existing and when required create new SOPs in support of this objective.

Position Qualifications:

Education:

Master of Arts or Master of Science

Experience:

Minimum of 10 years of experience

Certifications:

Must have one of the following Information Assurance Technical Level II (IAT II) certifications:

Cisco Certified Network Administrator (CCNA) – Security o CompTIA Cybersecurity Analyst (CySA+) o Global Industrial Cyber Security Professional (GICSP)

Global Information Assurance Certification (GIAC) Security Essentials (GSEC)

CompTIA Security+

Certified Network Defender (CND)

Systems Security Certified Practitioner (SSCP)

Must possess the following computing environment certification(s):

Certified Information Systems Security Professional (CISSP) (or Associate)

Splunk Administrator

The following computing environment certification(s) are desired:

Cisco Certified Network Administrator (CCNA) – Security

Certified Cloud Security Professional (CCSP)

Certified Information Security Manager (CISM)

Certified Information Systems Auditor (CISA)

VMware Certified Professional (VCP)

Red Hat Certified Engineer (RHCE)