Splunk SME

ManTech (www.mantech.com)


  Full Time   Employee   Contractor

United States

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must pass a background investigation and be clearable to DHS EOD.

Role and Responsibilities:

1. Read, analyze and interpret business requirements, system documentation, and technical procedures
2. Secure relevant information, integrate data from different sources, and identify possible causes of problems
3. Support operations and provide Tier 3 support for an enterprise CMaaS solution based on Splunk, ForeScout CounterAct, and McAfee ePO
4. Support Extract, Transform, and Load (ETL) operations to retrieve content from ePO and ForeScout repositories as well as existing hardware, software, and system boundary inventories. Maintain and present that content within Splunk
5. Push Asset Summary Reporting (ASR) content from Splunk to the RSA Archer based dashboard
6. Design and implement broader data integration with RSA Archer via RESTful API data draws from Splunk
7. Ensure the content flowing to RSA Archer is the correct summary information. Identify quality procedures to ensure summary data is accurate and not more detailed than required
8. Design and build more detailed Splunk reporting for internal use cases
9. Conduct appropriate analysis and ensure calls that cannot be resolved are forwarded to vendor product support. Support the following:

* Provide initial problem resolution where possible
* Generate, monitor, and track incidents through resolution
* Provide software support
* Maintain frequently asked questions and their resolutions
* Obtain customer feedback and conduct surveys

10. Provide expert product capabilities and design input into solution design, build, and test activities and documentation
11. Contribute technical input to CMaaS Technical Training

Qualifications and Education/Certification Requirements:
1. Must possess 3-5 years of cybersecurity experience, preferably working in, and/or as an analyst for, a SOC environment
2. Strong skills in debugging SQL stored procedures, triggers, and views, and in query optimization techniques and query hints
3. Ability to use SQL Profiler effectively
4. Understanding of SQL Server metadata views and system tables
5. Familiarity with the NIST 800 series publications that govern FISMA compliance
6. Experience with dashboard or Security Information and Event Management (SIEM) systems, including ingest of third-party data for rendering within the dashboard or SIEM
7. Ability to manipulate large volumes of data in order to provide customer-requested reports or charts
8. Certification: Splunk Certified Admin, Microsoft Certified Solutions Associate (MCSA) SQL Server 2012, or Oracle Database Administrator Certified Professional required
9. Requires 2+ years' experience with at least one of the following technologies:

* RSA Archer
* Security Content Automation Protocol (SCAP)
* Asset Summary Reporting Format (ASR)
* RESTful API solution integration
* McAfee ePO
* ForeScout CounterAct

identifier: POSTDICE

To apply for this job, contact:
Human Resources