Invictus International
Overview
Title: Splunk Architect
Location: Fort Meade, MD or San Antonio, TX
US Citizenship: Required
Clearance: TS/SCI w/CI polygraph
Responsibilities
Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components
Develop custom scripts that support automation for data pipeline health and status, data ingest, and/or support services that must be monitored and optimized
Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs)
Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies
Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts
Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK
Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering
Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and industry trends, sharing relevant information with the SOC team
Serve as Tier-3 escalation for major incidents, craft investigation SPL queries and timeline reconstruction
Design, deploy, and maintain Splunk Enterprise/Cloud architectures (indexer & search head clustering, cluster master/manager, deployer, DS/CM, MC)
Requirements
Bachelor's degree in IT, cybersecurity, or related technical field (an additional 4 years of relevant work may be substituted for a degree)
Minimum of seven (7) years of experience in security engineering/operations, including at least three (3) years architecting and administering Splunk Enterprise or Splunk Cloud at scale (multi-TB/day or multi-site)
Hands-on purple teaming experience, including two (2) years of planning/executing ATT&CK-aligned adversary emulation with measurable detection outcomes
Proficiency in programming languages or scripting languages like C, C++, Python, Bash, and PowerShell
Strong understanding of operating systems, networking protocols, and software exploitation techniques
Familiarity with various threat intelligence platforms, such as MITRE ATT&CK and the Cyber Kill Chain
Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner
One of the following (or equivalent) demonstrating Splunk proficiency: Splunk Core Certified Power User or Splunk Enterprise Administrator
Security certification signaling detection/operations skill such as GCDA, GCIA, GMON, GXPN or OSCP
Experience with monitoring threats through Tools, Techniques, and Procedures and how they relate to the MITRE ATT&CK framework
Ability to train and mentor staff and bring awareness to current and emerging threats
TS/SCI clearance with a CI polygraph
Equal Opportunity Employer/Veterans/Disabled
#J-18808-Ljbffr
Location: Fort Meade, MD or San Antonio, TX
US Citizenship: Required
Clearance: TS/SCI w/CI polygraph
Responsibilities
Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components
Develop custom scripts that support automation for data pipeline health and status, data ingest, and/or support services that must be monitored and optimized
Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs)
Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies
Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts
Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK
Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering
Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and industry trends, sharing relevant information with the SOC team
Serve as Tier-3 escalation for major incidents, craft investigation SPL queries and timeline reconstruction
Design, deploy, and maintain Splunk Enterprise/Cloud architectures (indexer & search head clustering, cluster master/manager, deployer, DS/CM, MC)
Requirements
Bachelor's degree in IT, cybersecurity, or related technical field (an additional 4 years of relevant work may be substituted for a degree)
Minimum of seven (7) years of experience in security engineering/operations, including at least three (3) years architecting and administering Splunk Enterprise or Splunk Cloud at scale (multi-TB/day or multi-site)
Hands-on purple teaming experience, including two (2) years of planning/executing ATT&CK-aligned adversary emulation with measurable detection outcomes
Proficiency in programming languages or scripting languages like C, C++, Python, Bash, and PowerShell
Strong understanding of operating systems, networking protocols, and software exploitation techniques
Familiarity with various threat intelligence platforms, such as MITRE ATT&CK and the Cyber Kill Chain
Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner
One of the following (or equivalent) demonstrating Splunk proficiency: Splunk Core Certified Power User or Splunk Enterprise Administrator
Security certification signaling detection/operations skill such as GCDA, GCIA, GMON, GXPN or OSCP
Experience with monitoring threats through Tools, Techniques, and Procedures and how they relate to the MITRE ATT&CK framework
Ability to train and mentor staff and bring awareness to current and emerging threats
TS/SCI clearance with a CI polygraph
Equal Opportunity Employer/Veterans/Disabled
#J-18808-Ljbffr