
[Remote] Splunk Detection Engineer

Remote role Full-time Open position

Note: This is a remote role open to candidates in the USA. Boston Government Services, LLC (BGS) is an engineering, technology, and security firm that supports missions of national importance. BGS is seeking a Splunk Detection Engineer to integrate data sources, validate configurations, and develop searches and reports for cybersecurity use cases.

Responsibilities

  • Integrate new data sources, which may include databases, APIs, files, etc. This may involve setting standards and working with IT administrators to update their configurations
  • Validate and create appropriate configurations for CIM-compliant logs
  • Process requests from cybersecurity analysts for new detections within Splunk Enterprise Security
  • Analyze existing logs to identify poorly formatted logs and potential visibility gaps when implementing new detections
  • Add and maintain threat feeds within Splunk Enterprise Security
  • Monitor the performance of detections and tune them
  • Manage the asset and identity inventory within Splunk Enterprise Security
  • Create and maintain new Splunk apps
  • Recommend additions or changes to Splunk or its data models to meet detection needs
  • Develop searches, reports, and other functionality for cybersecurity use cases, including active response, intrusion detection, vulnerability management, and related use cases
  • Assist users with creating and optimizing searches and dashboards, and mentor others in good development practices for those resources
  • Attend online/Teams meetings with the team and others as appropriate
  • Work with the team to provide status on current tasks, suggest improvements, discuss implementation, etc.
  • Capture business requirements and implement them
  • Analyze data and perform initial planning to address identified issues
  • Assist with the creation of playbooks to address issues identified by analysts
  • Seek to understand the intent of detections and their corresponding playbooks
  • Provide basic feedback on existing playbooks and detections
  • Identify telemetry quality and visibility issues (SIEM parsing/normalization, EDR/XDR sensor health, asset/identity tagging)
  • Provide advanced recommendations to address gaps in logging and detections based on an analysis of threats and data
  • Create detailed and thorough testing plans so that detections fire accurately on the intended behavior and not on benign activity
  • Produce clear metrics and reports (false-positive rate, backlog) for technical and executive audiences
  • Create advanced use cases for detections based on an analysis of threats and data, including sample criteria to identify the behavior and mapping detections to MITRE ATT&CK
  • Drive continuous improvements to existing processes or tooling
  • Perform quality reviews and improve detections and response actions
  • Coach, guide, and teach others on the team in the use of Enterprise Security
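Several of the responsibilities above (normalizing logs to CIM, finding poorly formatted events, writing a detection with an ATT&CK mapping, and building a test plan around it) fit together in one small workflow. The following is an added example, not code from BGS or from the posting: it maps two constructed raw log formats (Linux sshd syslog lines and a simplified key=value rendering of Windows logon events) onto CIM Authentication fields, separates events that cannot be normalized from those that can, and then runs a failed-logon-threshold detection over the normalized events, tagging findings with ATT&CK technique T1110 (Brute Force). The sample log lines, host names, and addresses are constructed for the example, and the SPL string is an illustrative equivalent of the Python logic rather than a search taken from Enterprise Security.

```python
import re
from collections import defaultdict

# Constructed sample events for this example (not from the posting). The last
# two lines are deliberately malformed to stand in for the "poorly formatted
# logs" and field gaps a detection engineer has to surface before a detection
# can be trusted.
SAMPLE_LOGS = [
    "Jan 10 03:14:01 web01 sshd[4011]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Jan 10 03:14:02 web01 sshd[4011]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2",
    "Jan 10 03:14:03 web01 sshd[4012]: Failed password for root from 203.0.113.7 port 51130 ssh2",
    "Jan 10 03:14:04 web01 sshd[4012]: Failed password for root from 203.0.113.7 port 51131 ssh2",
    "Jan 10 03:14:05 web01 sshd[4013]: Failed password for deploy from 203.0.113.7 port 51140 ssh2",
    "Jan 10 03:14:09 web01 sshd[4014]: Accepted password for deploy from 203.0.113.7 port 51142 ssh2",
    "Jan 10 03:15:00 web01 sshd[4020]: Failed password for alice from 198.51.100.9 port 40000 ssh2",
    "EventCode=4625 Account_Name=bob Source_Network_Address=10.0.0.5 ComputerName=dc01",
    "EventCode=4625 Account_Name=bob Source_Network_Address=10.0.0.5 ComputerName=dc01",
    "EventCode=4624 Account_Name=bob Source_Network_Address=10.0.0.5 ComputerName=dc01",
    "Jan 10 03:16:00 web01 sshd[4030]: error: maximum authentication attempts exceeded",  # no auth fields
    "EventCode=4625 Account_Name=carol ComputerName=dc01",  # source address missing
]

SSHD_RE = re.compile(
    r"^\w{3} +\d+ \d\d:\d\d:\d\d (?P<dest>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Subset of CIM Authentication fields this detection depends on.
CIM_REQUIRED = ("action", "user", "src", "dest", "app")


def to_cim(line):
    """Map one raw line to CIM Authentication fields; None if it is not a logon event."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "action": "success" if m["result"] == "Accepted" else "failure",
            "user": m["user"], "src": m["src"], "dest": m["dest"], "app": "sshd",
        }
    kv = dict(KV_RE.findall(line))
    if kv.get("EventCode") in ("4624", "4625"):
        return {
            "action": "success" if kv["EventCode"] == "4624" else "failure",
            "user": kv.get("Account_Name"),
            "src": kv.get("Source_Network_Address"),
            "dest": kv.get("ComputerName"),
            "app": "win:security",
        }
    return None


def normalize(lines):
    """Split raw lines into CIM-complete events, events missing a required field, and unmapped lines.

    The second and third buckets are the visibility gaps to report back to the
    source owners before relying on any detection built on this data.
    """
    events, incomplete, unmapped = [], [], []
    for line in lines:
        ev = to_cim(line)
        if ev is None:
            unmapped.append(line)
        elif any(ev[f] is None for f in CIM_REQUIRED):
            incomplete.append(line)
        else:
            events.append(ev)
    return events, incomplete, unmapped


# Illustrative SPL mirroring detect_password_guessing() against the ES
# Authentication data model (field names follow CIM; threshold of 5 assumed).
SPL_EQUIVALENT = (
    "| tstats count from datamodel=Authentication.Authentication "
    "where Authentication.action=failure by Authentication.src, Authentication.dest "
    "| where count >= 5"
)


def detect_password_guessing(events, threshold=5):
    """Flag (src, dest) pairs with >= threshold failed logons; note any success from the same pair."""
    failures = defaultdict(int)
    successes = defaultdict(set)
    for ev in events:
        key = (ev["src"], ev["dest"])
        if ev["action"] == "failure":
            failures[key] += 1
        else:
            successes[key].add(ev["user"])
    findings = []
    for (src, dest), count in failures.items():
        if count >= threshold:
            findings.append({
                "rule": "Excessive failed logons from one source",
                "src": src, "dest": dest, "failure_count": count,
                "successful_users_same_source": sorted(successes.get((src, dest), ())),
                "mitre_attack": ["T1110"],  # Brute Force
            })
    return findings


if __name__ == "__main__":
    evs, inc, unm = normalize(SAMPLE_LOGS)
    print(f"normalized={len(evs)} incomplete={len(inc)} unmapped={len(unm)}")
    for f in detect_password_guessing(evs):
        print(f)
```

The three buckets returned by `normalize()` are the test plan's first checkpoint: a detection that only ever sees the "normalized" bucket will silently miss the `carol` failures, because a missing `src` drops the event out of the grouping key. The threshold and the "success from the same source" annotation are the two knobs a testing plan should exercise, once with a source just under the threshold (here `198.51.100.9` and `10.0.0.5`) to confirm the rule stays quiet, and once with a source over it to confirm it fires with the expected ATT&CK tag.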

Skills

  • Significant experience with Splunk and Splunk Enterprise Security
  • Significant experience with event logging solutions (e.g., Splunk Universal Forwarder, syslog, Cribl)
  • Experience with ticketing/case management
  • Experience with Git-based pipelines
  • Familiarity with using Linux CLI
  • Ability to craft queries using common languages; comfort with regex, JSON and APIs; basic scripting in Python/PowerShell/Bash
  • Excellent analytical, problem-solving, and communication skills with stakeholders, peers, and internal customers; able to operate under pressure in a shift or on-call environment
  • Considerable experience using and administering Splunk
  • Stays up to date with the latest cybersecurity threats, vulnerabilities, and best practices
  • Strong analytical and problem-solving skills
  • Meticulous attention to detail to ensure thorough assessments and accurate reporting
  • Excellent written and verbal communication skills to effectively convey findings and recommendations to technical and non-technical stakeholders
  • Ability to work collaboratively with other cybersecurity professionals, IT staff, and external vendors
  • Experience and skill in conducting audits or reviews of technical systems
  • Experience working in a government environment
  • Experience working in a distributed IT environment
  • Ability to qualify for an HSPD-12 (PIV) card, used for two-factor authentication
  • Strong grasp of TCP/IP, OSI model, and common protocols (HTTP, DNS, SMTP)
  • Windows/Linux/macOS fundamentals; Active Directory/Azure AD concepts; basic cloud logging
  • Experience in system and network administration
  • Relevant cybersecurity experience including investigations and data analysis
  • Experience with SOAR tools and automation development
  • Experience using identity security/management tools (e.g., Entra ID, Active Directory, Shibboleth, CrowdStrike Identity Protection)
  • Cloud security experience (e.g., CloudTrail/GuardDuty, Azure Defender/M365, GCP Security Command Center)

Benefits

  • Health
  • Dental
  • Vision
  • Life Insurance
  • Paid Vacation
  • 401K
  • Long and Short-Term Disability

Company Overview

  • Boston Government Services, LLC (BGS) is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets. It was founded in 2007, and is headquartered in Oak Ridge, Tennessee, USA, with a workforce of 201-500 employees. Its website is https://www.bgs-llc.com/.
