Become an integral part of a diverse team that leads the world in the Mission, Cyber, and Intelligence Solutions group. At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement.
Currently, ManTech is seeking a motivated, career and customer oriented Splunk Engineer to join our team in the Reston, VA area to provide unparalleled support to our customer and to begin an exciting and rewarding career within ManTech.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must pass background investigation and be clearable to DHS EOD.
Role and Responsibilities:
- Read, analyze and interpret business requirements, system documentation, and technical procedures
- Secure relevant information, integrates data from different sources, and identifies possible causes of problems
- Support operations and provide Tier 3 support for an enterprise CMaaS solution based on Splunk, ForeScout, CounterAct, McAfee ePO
- Support Extract, Transform, and Load operations to retrieve content from ePO and ForeScout repositories as well as existing hardware, software, system boundary inventories. Maintain and present that content within Splunk
- Push Asset Summary Reporting (ASR) content from Splunk to RSA Archer based dashboard
- Design and implement broader data integration with RSA Archer via Restful API data draw from Splunk
- Ensure content flow to RSA Archer is correct summary information. Identify quality procedures to ensure summary data is accurate and not more detailed than required
- Design and build more detailed Splunk reporting for internal use cases
- Conduct appropriate analysis and ensure calls that are unable to be resolved are appropriately forwarded to vendor product support.
· Support the following:
*Provide initial problem resolution where possible
*Generate, monitor, and track incidents through resolution
*Provide software support
*Maintain frequently asked questions and their resolutions
*Obtain customer feedback and conduct surveys
Provide expert product capabilities and design input into solution design, build, and test activities and documentation
- Contribute technical input to CMaaS Technical Training
Qualifications and Education/Certification Requirements:
- Must possess 3-5 years cybersecurity experience, preferred working in and/or as an analyst to a SOC environment
- Strong skill sets on debugging SQL stored procedures, triggers, Views, Query Optimization Techniques & query hints
- Effectively utilize SQL Profiler
- Understands SQL Server Metadata views and system tables
- Familiarity with the NIST 800 publications governing the FISMA Act
- Experience with dashboard or Security Information Event Management (SIEM) systems, including ingest of third- party data for rendering within the dashboard or SIEM
- Ability to manipulate large volume of data in order to provide customer requested reports or charts
- Certification: Splunk Certified Admin, or Microsoft Certified Solutions Associate SQL Server 2012, or Oracle Database Administrator Certified Professional required
- Hands on experience with Virtualization Technology such as VMware or Virtualbox.
- Experience with Active Directory, Log management tools and Vulnerability assessment tools.
- Requires 2+ years? experience with at least one of the following technologies:
*Security Content Automation Protocol (SCAP)
*Asset Summary Reporting Format (ASR)
*Restful API solution integration
* Linux Administration