Description & Requirements
ManTech seeks a motivated, career and customer-oriented Splunk Analyst to join our team in Ft Detrick. This is a hybrid position with 3 days onsite and 2 days remote.
Responsibilities include but are not limited to:
Administration of Splunk, creating custom content with SPL, data administration in a SIEM, and performing security investigations through Splunk ES.
Identification of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables.
Create Splunk dashboards, alarms and reports.
Work with tools commonly deployed in a SOC environment such as intrusion detection systems, intrusion analysis systems, security information event management platforms (SIEM), endpoint threat detection tools, and security operations ticket management.
Minimum Qualifications:
Bachelor’s degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science from an ABET accredited or CAE designated institution. Six years’ experience in a related field, in addition to one of the following current certifications, may be substituted for a degree: Cloud+, GICSP, SSCP, Security+, GSEC, FITSP-O, GFACT, CASP+, CCNP Security, or CCSP.
Two or more years of hands-on experience with Splunk, demonstrated through work experience and/or military experience. Splunk Core Certified Power User or Advanced Power User.
Hands on experience with managing data sources, data alignment, and data curation. This includes troubleshooting missing events, working with data source owners to onboard new data sources and/or troubleshoot existing ones.
Hands on experience with dashboard and notable creation – visualizations, report generation, and general content creation.
Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
Strong logical/critical thinking abilities, especially analyzing security events from host and network event sources (e.g., Windows event logs, AV, EDR, network traffic, IDS events) for malicious intent. Experience with the identification and implementation of countermeasures or mitigating controls for deployment and implementation in the enterprise network environment.
A working knowledge of the various operating systems (e.g., Windows, Linux, etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory, and a working knowledge of network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.) are also required.
Preferred Qualifications:
An understanding in researching Emerging Threats and recommending monitoring content within security tools.
Experience with scripting or automation.
Familiarity with cloud security monitoring (e.g., AWS, Azure)
Clearance Requirements:
Must be a US Citizen and willing to obtain and maintain a DOD Public Trust and undergo a Tier 3 investigation with favorable results prior to starting this position.
Physical Requirements:
Must be able to be in a stationary position more than 50% of the time
Constantly operates a computer and other office productivity machinery
The person in this position frequently communicates with co-workers, management and clients, which may involve delivering presentations, and must be able to exchange accurate information in these situations