Gray Tier Technologies

SIEM Support Engineer (Splunk)

Full-Time in DC, US - Mid Level

Gray Tier Technologies is looking for a SIEM Support Engineer (Splunk) with an active Secret clearance to support our DOI customer's Security Operations Center in DC or Reston, Virginia.

  • Bachelor’s degree required.
  • Minimum 4 years of experience required.
  • Support for Information Security (INFOSEC) and trusted systems technology.
  • Assists in the analysis and definition of security requirements.
  • Assists in the design, development, testing, and documentation of cryptographic products, trusted networks, database management systems and telecommunications subsystems.
  • Researches, drafts, and provides input regarding information security policies, trusted computing base architectures, and security engineering practices and processes.
  • Assists with certifications and accreditation reviews, security test and evaluations, and may draft associated reports.
  • Supports automated information system security engineering tasks which may include policy development, asset and risk assay, development of security specifications/architectures/plans, development and/or installation of digital signature systems, support for key and certificate management, implementation/support of trusted computing base, systems certification and accreditation support, and hands-on development and operation of pilot or prototype information security applications.
  • Provides research and initial input for analysis of the current information security architecture and comparative assessments of alternate approaches.
  • Assists in the design, development, debugging, testing, documentation development, and maintenance of computer programs for security applications.

Job responsibilities may include the following:

  • Manage and maintain the SIEM within DOI/OCIO.
  • Design, deploy, configure, and manage SIEM solutions such as Splunk, Azure Sentinel, IBM QRadar.
  • Utilize TCP/IP foundations and security principles, access control, logging, and data collection methodologies to include event log parsing and management.
  • Manage threat identification, security event detection, monitoring, security information, and employ event management best practices.
  • Optimize SIEM processes to ensure efficient and effective log collection.
  • Manage correlation rules, filters, alerts, and report generation, developing content management and delivery, health checks and performance tuning.
  • Have the aptitude to perform audits, identifying vulnerabilities and compliance gaps.
  • Coordinate with incident response teams.
  • Work with the SIEM Team to fine-tune components, analyze complex issues, and provide innovative solutions in the SIEM environment.
  • Certification in SIEM technology (e.g., Splunk Certified Administrator) at the Journeyman level is preferred.