Deadline Date: Monday 25 September 2023
Requirement: Splunk Specialist
Location: Mons, BE
Full time on-site: Yes
Time On-Site: 100%
Not to Exceed Rate: 115 EUR
Total Scope of the request (hours): 273.6
Required Start Date: 6 November 2023
End Contract Date: 31 December 2023
Required Security Clearance: NATO SECRET
Duties and Role:
- Deploy Splunk to provided target unclassified and classified environments
- Deploy Splunk components (forwarders, deployment servers) to provided target unclassified and classified environments
- Integrate deployed Splunk elements with higher Splunk tiers
- Create and maintain Splunk deployment scripts by using Ansible/GIT
- Investigate and troubleshoot errors in Splunk deployment
- Document Splunk and/or its components deployment results
- Provide guidance/briefing about Splunk deployment and hand over Splunk deployment results to responsible counterparties
- Assist teams in deploying Splunk components, incl. Sysmon, over automated tools (SCCM/WSUS)
- Support project activities related to SIEM/LogA capability; act as a subject matter expert (SME) and point of contact (POC) to facilitate further system development
- Justify business needs, prepare documentation and propose Splunk and related components implementation plan for the Change Management Board
- Implement the approved changes following co-ordination with other stakeholders
- Proactively recommend optimizations to capabilities to provide effective and efficient service operations
- Review security documentation and provide technical advice, when requested
- Maintain awareness of new technologies and developments, industry standards and best practices
- Participate in knowledge sharing with internal SIEM/LogA community and develop solutions efficiently
- Create technical reports as required
- Provide subject matter expertise and input for any future projects and system expansion
- Perform other essential duties as assigned
Requirements
Skill, Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance
- Bachelor's Degree in Computer Science combined with 2+ years' experience as Cyber Tools Engineer or a similar position involving technical ICT Engineering knowledge and management of cyber tools, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 4+ years' post-related experience
- Extensive practical experience with Splunk (deployment, installation, configuration and maintenance)
- Extensive practical experience with Splunk Enterprise Security
- Practical experience in designing Splunk based solutions
- Knowledge of Splunk UBA
- Expert level and previous experience related to SIEM/LogA management activities
- Demonstrable experience of analysing and interpreting system, security, application and firewall logs in order to diagnose faults and spot abnormal behaviours
- Practical hands-on experience in systems and tools administration, especially Linux environment
- Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications
- Practical skills in writing bash, python or ansible scripts to support repetitive tasks automation, Linux system and application administration and troubleshooting
- Solid understanding of regular expressions
Desirable Qualifications/Experience:
- Extensive practical experience with Splunk UBA
- Experience of using and administering security tools such as Sourcefire, Symantec Endpoint Protection, or RSA Security Analytics
- Experience in GIT
- Experience with the Sysmon utility and its configuration features
- Hands-on experience with automation technologies, e.g. Ansible
- Proficient with SIEM content creation – correlation rules, reports, dashboards, and Splunk applications
- Experience in creation/modification of custom parsers or flex connectors
- Understanding the Indicator of Compromise (IOC) concept and experience in integration of Threat Intel feeds and IOCs with SIEM platform
- Software engineering including programming and/or scripting knowledge (python, shell scripting, PowerShell)
- Troubleshooting of Linux and/or Windows infrastructures
- Good knowledge of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO
- Knowledge of Sourcefire/Snort
- Prior experience automating interactions between systems using APIs
- Industry leading certification in the area of Cybersecurity such as, but not limited to: CISSP, CISM, MCSE/S, CISA, SANS GNSA, SANS GIAC
- A solid understanding of Information Security Practices relating to the Confidentiality, Integrity and Availability of information (CIA triad)
- Prior experience of working in an international environment comprising both military and civilian elements
- Prior experience as a user of SIEM and Log aggregation systems