C003072 Splunk Specialist (NS) - MON 25 Sep

Deadline Date: Monday 25 September 2023

Requirement: Splunk Specialist

Location: Mons, BE

Full time on-site: Yes

Time On-Site: 100%

Not to Exceed Rate: 115 EUR

Total Scope of the request (hours): 273.6

Required Start Date: 6 November 2023

End Contract Date: 31 December 2023

Required Security Clearance: NATO SECRET

Duties and Role:

  • Deploy Splunk to provided target unclassified and classified environments
  • Deploy Splunk components (forwarders, deployment servers) to provided target unclassified and classified environments
  • Integrate deployed Splunk elements with higher Splunk tiers
  • Create and maintain Splunk deployment scripts by using Ansible/GIT
  • Investigate and troubleshoot errors in Splunk deployment
  • Document Splunk and/or its components deployment results
  • Provide guidance/briefing about Splunk deployment and hand over Splunk deployment results to responsible counterparties
  • Assist teams in deploying Splunk components, incl. Sysmon, over automated tools (SCCM/WSUS)
  • Support project activities related to SIEM/LogA capability; act as a subject matter expert (SME) and point of contact (POC) to facilitate further system development
  • Justify business needs, prepare documentation and propose Splunk and related components implementation plan for the Change Management Board
  • Implement the approved changes following co-ordination with other stakeholders
  • Proactively recommend optimizations to capabilities to provide effective and efficient service operations
  • Review security documentation and provide technical advice, when requested
  • Maintain awareness of new technologies and developments, industry standards and best practices
  • Participate in knowledge sharing with internal SIEM/LogA community and develop solutions efficiently
  • Create technical reports as required
  • Provide subject matter expertise and input for any future projects and system expansion
  • Perform other essential duties as assigned

Requirements

Skill, Knowledge & Experience:

  • The candidate must have a currently active NATO SECRET security clearance
  • Bachelor's Degree in Computer Science combined with 2+ years' experience as a Cyber Tools Engineer or in a similar position involving technical ICT engineering knowledge and management of cyber tools, or secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 4+ years of post-related experience
  • Extensive practical experience with Splunk (deployment, installation, configuration and maintenance)
  • Extensive practical experience with Splunk Enterprise Security
  • Practical experience in designing Splunk based solutions
  • Knowledge of Splunk UBA
  • Expert level and previous experience related to SIEM/LogA management activities
  • Demonstrable experience of analysing and interpreting system, security, application and firewall logs in order to diagnose faults and spot abnormal behaviour
  • Practical hands-on experience in systems and tools administration, especially Linux environment
  • Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications
  • Practical skills in writing bash, Python or Ansible scripts to automate repetitive tasks and to support Linux system and application administration and troubleshooting
  • Solid understanding of regular expressions

Desirable Qualifications/Experience:

  • Extensive practical experience with Splunk UBA
  • Experience of using and administering security tools such as Sourcefire, Symantec Endpoint Protection, or RSA Security Analytics
  • Experience in GIT
  • Experience with the Sysmon utility and its configuration features
  • Hands-on experience with automation technologies, e.g. Ansible
  • Proficient with SIEM content creation – correlation rules, reports, dashboards, and Splunk applications
  • Experience in creation/modification of custom parsers or flex connectors
  • Understanding of the Indicator of Compromise (IOC) concept and experience in integrating Threat Intel feeds and IOCs with a SIEM platform
  • Software engineering including programming and/or scripting knowledge (python, shell scripting, PowerShell)
  • Troubleshooting of Linux and/or Windows infrastructures
  • Good knowledge of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO
  • Knowledge of Sourcefire/Snort
  • Prior experience automating interactions between systems using APIs
  • Industry leading certification in the area of Cybersecurity such as, but not limited to: CISSP, CISM, MCSE/S, CISA, SANS GNSA, SANS GIAC
  • A solid understanding of Information Security practices relating to the Confidentiality, Integrity and Availability of information (CIA triad)
  • Prior experience of working in an international environment comprising both military and civilian elements
  • Prior experience as a user of SIEM and Log aggregation systems