📁
Cyber Security
💼
ITSD - Information Technology Services Department

Are you interested in creating new IT security capabilities and learning new cybersecurity technologies?

 

Do you want to have a stake in the overall security posture and assessment of the IT infrastructure?

 

If so, we’re looking for someone like you to apply and join our team at APL!

 

We are seeking a Splunk Security Engineer to be part of APL's Classified IT Services team. We provide technical expertise to meet compliance and security objectives in environments that require Audit & Logging Tool Administration & Operations. Auditing & Incident Identification and Incident Response Coordination. Our collaborative environment promotes learning, growth, and fosters team spirit!

 

The Splunk Security Engineer will serve as the primary subject-matter expert on a team responsible for the overall engineering, operations, and maintenance of a Splunk environment spanning 5 classified security enclaves.  The environments consist of forwarders, indexers, search heads, centralized log servers, and varying data ingests.  Oversee operational responsibilities to include security and performance.  Support the full system engineering life-cycle of the Splunk and logging environment including requirements analysis, design/architecting, integration, testing, documentation, implementation, and documentation.


Duties:

  1. Lead the development of security-focused content for our Splunk implementations across five classified DoD networks.  Work with the security operations team and customers across the APL to create threat detection logic and dynamic operational dashboards.  Serve as technical lead in architecting log management and data ingest solutions to ensure they are scalable and efficient.  Work with customers to onboard data sources and fully configure the security information and event management (SIEM) or security event management (SEM) to meet enterprise security and governance requirements.  Assist with leading technical discussion with stakeholders and help manage client expectations, develop advanced reporting, and perform requirements management for stakeholders. Analyze and make recommendations for Risk Management Framework compliance requirements.  
  2. Operate and maintain the Splunk operational architecture, to include the management of centralized log servers and reporting systems.  Leverage expertise in governance, security technologies, information security, and networking to interact with clients and senior management regarding the current and future state of the Splunk architecture. Oversee production support, management of the system hardware, and configuration of the underlying operating systems to meet scalability requirements while maintaining performance and stability.  Leverage automation techniques and develop scripts to manipulate data repositories to support data and threat analysis. Develop documentation supporting management procedures and implementations guides for Splunk based solutions.
  3. Leverage programming skills (e.g., CSS, HTML, JavaScript, Python, shell scripting) to automate security tools management.  Create customized applications within Splunk such as searches, audit scripting, and visualization.  Implement and manage Splunk add-ons to maximize capabilities, such as machine learning and advanced threat detection.  Expertly leverage the Splunk Machine Learning Toolkit (MLTK) and the Splunk Search Processing Language (SPL) to develop network or entity-based anomaly detection alerting. 
  4. Assist with the Assessment and Authorization (A&A) of the Splunk architecture. Perform risk assessments and Security Test & Evaluations (ST&E) of Splunk components and equipment under the IAVM and vulnerability management program. Review systems to identify potential security weaknesses, recommend improvements, and implement changes. Work with the vulnerability management team to remediate findings from Assured Compliance Assessment Solution (ACAS)/Nessus and Host-Based Security Solution (HBSS) scans, and other automated and manual assessment tools such as DoD Security Technical Implementation Guides (STIGs).  Submit change requests for system components, develop a Plan of Action and Milestones (POA&M), and create documentation in support of Risk Management Framework (RMF) accreditations.
  5. Assist with log auditing and log management.  Work closely with the operations team to monitor systems and environments for security incidents and general security operations.  Track and help implement responses and actions to address operational and communication orders from governing organizations.  Provide expert analysis of records to prevent or detect anomalies or possible adverse events.  Identify data accessed, destination and source addresses, timestamp, user login information, and specific sequence of activities in order to formulate courses of action and/or responses.

You will meet the minimum requirements if you have...

 

  • A BS degree in Computer Science, Management Information Systems, Computer Information Systems, Information Assurance, or comparable field or equivalent years of professional relevant
  • 5+ years of Security Engineering experience working with DoD IT enclaves, systems, and solutions
  • 5+ years experience with application and OS enterprise logging, managing Splunk and Security Information and Event Management (SIEM) systems and creating rule sets and threat detection logic in Splunk
  • Ability to demonstrate Splunk Machine Learning Toolkit (MLTK), Splunk Search Processing Language (SPL) expertise and Regular Expression Language
  • Experience with using scripting languages such as CSS, HTML, JavaScript, Python, and shell scripting to automate tasks and manipulate data
  • Hold an active Secret security clearance with the ability to obtain a Top Secret clearance. If selected, you will be subject to a government security investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.
  • Current industry certification aligned to DoD Manual 8570, 01-M for IAT II
  • Splunk Administrator or Architect Certification
  • Are able to work Occasional weekends and other after-hours to handle and/or complete critical project/work-related business needs.
  • Can demonstrate that you are fully vaccinated against COVID-19. To ensure the safety and well-being of the community, APL has established a policy requiring that all staff be vaccinated against COVID-19. All staff members must provide proof of full vaccination or have an approved medical or religious accommodation by their start date.

 

You will go above and beyond our minimum requirements if you have...

 

  • Intermediate expertise with Red Hat Enterprise Linux (RHEL)
  • 1+ years of experience leveraging Splunk or audit logs for incident response and user behavior analytics

  • Experience with programming a plus

  • Experience with security tool data, including Network & Host Firewall, Tenable, Tanium, Forescout

  • Strong communication and presentation skills

 

Why work at APL?

 

The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation’s most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.

At APL, we celebrate our differences and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL’s campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at www.jhuapl.edu/careers.

#CJ

Previous Job Searches

Similar Listings

AOS - Asymmetric Operations Sector

*Laurel, *Maryland, *United States

📁 Cyber Security

ITSD - Information Technology Services Department

*Laurel, *Maryland, *United States

📁 Cyber Security

AMDS - Air and Missile Defense Sector

*Laurel, *Maryland, *United States

📁 Cyber Security