Job Detail

Cyber Security Engineer IV - Navy Federal Credit Union
Vienna, VA
Posted: Oct 25, 2023 12:05

Job Description

Overview

Work with a team of Splunk SMEs to administer Splunk Cloud instances supporting both cybersecurity and fraud initiatives. Work with other cybersecurity and IT personnel, product owners, and security teams to develop and maintain Splunk content for cybersecurity and fraud use cases. Lead complex projects and solve complex problems as they relate to Splunk service offerings taking a broad perspective to identify solutions and technologies.

Responsibilities

  • Develop, test, modify, build, and deploy SIEM correlation rules in alignment with client requirements utilizing change management best practices

  • Act as a subject matter expert to guide internal staff with a primary mission to proactively prevent incidents by utilizing the SIEM and complementary technologies as appropriate

  • Normalize data to ensure CIM compliance and align with data models to accelerate queries, dashboards, and correlation searches

  • Work with existing and custom Splunk applications and add-ons to fulfill customer requirements

  • Research and look for opportunities to adopt best practices and industry standards to enhance the SIEM, Fraud, and SOAR platforms

  • Develop and maintain internal asset and identities classification and categorization in the SIEM

  • Monitor system stability and performance and ensure system availability, reliability, and usability

  • Investigate complex scenarios, break them down to their base components, then identify, isolate, and communicate problems/issues

  • Implement and manage Splunk apps, dashboards, alerts, and reports to provide actionable insights to various teams

  • Translate feedback from the business to Splunk technical requirements and solutions

  • Create advanced dashboards, alerts, reports, and advanced Splunk searches with improved search performance and visualization in Splunk Enterprise

  • Troubleshoot complex problems, resolve operational issues, and interact with customers

  • Perform advanced searches, data analysis, and correlation to uncover insights and trends

  • Troubleshoot and resolve Splunk-related technical issues, partnering with IT and SOC teams as needed

  • Must be a team player, but able to work independently on large, complex projects and assignments in a fast-paced environment

  • Communicate with customers and teammates clearly and concisely

  • Identify opportunities to enhance the current baseline processes and configurations

  • Always provide professional and courteous service with excellent verbal and written communications skills

  • Stay abreast of the latest Splunk features, technologies, and industry trends, and make recommendations for continuous improvement

  • Follow change & configuration management procedures in relevant tools (e.g., Jira, SNOW, etc.)

  • Ensure the completion of tasks and update tickets accordingly

Qualifications

  • At least ten (10) years of IT experience

  • Six (6) to eight (8) years of experience with Splunk in distributed deployments and at least two (2) years of experience in Splunk Cloud environments

  • At least three (3) years of experience with Splunk Enterprise Security

  • Current Splunk Enterprise Certified Admin certification

  • Current Splunk Enterprise Security Certified Admin certification

  • Proficient at data administrative activities including parsing and normalizing events to the Splunk Common Information Model (CIM)

  • Proficiency aligning data to Splunk-developed add-ons for Windows, Linux, and common third-party devices and applications

  • Superb communication skills (both oral/written) including the ability to clearly communicate technical topics and risk to an audience that can include analysts, engineers, and executives

  • Strong problem-solving abilities with an analytic and qualitative eye for reasoning under pressure

  • Experience with SIEM and/or SOAR platforms, including the development of automations and integrations

  • Self-starter with the ability to independently prioritize and complete multiple tasks with little to no supervision

  • Knowledge of JIRA and Confluence

  • Knowledge of Change Management processes

Desired Qualifications

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or comparable field of study, and/or equivalent work experience

  • Current Splunk Enterprise Certified Architect certification

  • Current Splunk Core Certified Consultant certification

  • Expert-level knowledge and ability with Splunk ES or integration with other SIEM platforms

  • One to three years of experience in Splunk SOAR is preferred

  • Knowledge of scripting languages like Python

  • Experience in the banking or finance industries a plus

  • Knowledge of version control practices and experience with version control software products (e.g., Git, Bitbucket, etc.)

  • In-depth knowledge of operating systems logs (Windows servers and workstations, AIX/Linux/Solaris, and Apple Mac)

  • In-depth knowledge of network appliance logs (Firewalls, router & switches)

  • Relevant cybersecurity certifications (e.g., CISSP, GCIA, GCIH, GCED, or similar)

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | Remote

This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.

About Us

You have goals, dreams, hobbies, and things you're passionate about - what's important to you is important to us. We're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them - friends, family, and passions. And we're looking for team members who are passionate about our mission - making a difference in military members' and their families' lives. Together, we can make it happen. Don't take our word for it:

- Military Times 2022 Best for Vets Employers

- WayUp Top 100 Internship Programs

- Forbes® 2022 The Best Employers for New Grads

- Fortune Best Workplaces for Women

- Fortune 100 Best Companies to Work For®

- Computerworld® Best Places to Work in IT

- Ripplematch Campus Forward Award - Excellence in Early Career Hiring

- Fortune Best Place to Work for Financial and Insurance Services

Equal Employment Opportunity: Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability

Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

REQNUMBER: 14754


