Invictus International Consulting, LLC.
Splunk Architect
Invictus International Consulting, LLC., Fort George Meade, Maryland, United States
Title:
Splunk Architect Location:
Fort Meade, MD or San Antonio, TX US Citizenship:
Required Clearance:
TS/SCI w/CI polygraph Responsibilities
Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components Develop custom scripts that support automation for data pipeline health and status, data ingest, and/or support services that must be monitored and optimized Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs) Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering. Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and indust1y trends, sharing relevant information with the SOC team Serve as Tier-3 escalation for major incidents, craft investigation SPL queries and timeline reconstruction Design, deploy, and maintain Splunk Enterprise/Cloud architectures (indexer & search head clustering, cluster master/manager, deployer, DS/CM, MC) Requirements
Bachelor's degree in IT, cybersecurity, or related technical field (an additional 4 years of relevant work may be substituted for a degree) Minimum of seven (7) years of experience in security engineering/operations, including at least three (3) years architecting and administering Splunk Enterprise or Splunk Cloud at scale (multi-TB/day or multi-site) Hands-on purple teaming experience, including two (2) years of planning/executing ATT&CK-aligned adversary emulation with measurable detection outcomes Proficiency in programming languages or scripting languages like C, C++, Python, Bash, and PowerShell Strong understanding of operating systems, networking protocols, and software exploitation techniques Familiarity with various threat intelligence platforms, such as MITRE ATT&CK and the Cyber Kill Chain Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner One of the following (or equivalent) demonstrating Splunk proficiency: Splunk Core Certified Power User or Splunk Enterprise Administrator Security certification signaling detection/operations skill such as GCDA, GCIA, GMON, GXPN or OSCP Experience with monitoring threats through Tools, Techniques, and Procedures and how they relate to the MITRE ATT&CK framework Ability to train and mentor staff and bring awareness to current and emerging threats TS/SCI clearance with a CI polygraph Equal Opportunity Employer/Veterans/Disabled
#J-18808-Ljbffr
Splunk Architect Location:
Fort Meade, MD or San Antonio, TX US Citizenship:
Required Clearance:
TS/SCI w/CI polygraph Responsibilities
Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components Develop custom scripts that support automation for data pipeline health and status, data ingest, and/or support services that must be monitored and optimized Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs) Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering. Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and indust1y trends, sharing relevant information with the SOC team Serve as Tier-3 escalation for major incidents, craft investigation SPL queries and timeline reconstruction Design, deploy, and maintain Splunk Enterprise/Cloud architectures (indexer & search head clustering, cluster master/manager, deployer, DS/CM, MC) Requirements
Bachelor's degree in IT, cybersecurity, or related technical field (an additional 4 years of relevant work may be substituted for a degree) Minimum of seven (7) years of experience in security engineering/operations, including at least three (3) years architecting and administering Splunk Enterprise or Splunk Cloud at scale (multi-TB/day or multi-site) Hands-on purple teaming experience, including two (2) years of planning/executing ATT&CK-aligned adversary emulation with measurable detection outcomes Proficiency in programming languages or scripting languages like C, C++, Python, Bash, and PowerShell Strong understanding of operating systems, networking protocols, and software exploitation techniques Familiarity with various threat intelligence platforms, such as MITRE ATT&CK and the Cyber Kill Chain Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner One of the following (or equivalent) demonstrating Splunk proficiency: Splunk Core Certified Power User or Splunk Enterprise Administrator Security certification signaling detection/operations skill such as GCDA, GCIA, GMON, GXPN or OSCP Experience with monitoring threats through Tools, Techniques, and Procedures and how they relate to the MITRE ATT&CK framework Ability to train and mentor staff and bring awareness to current and emerging threats TS/SCI clearance with a CI polygraph Equal Opportunity Employer/Veterans/Disabled
#J-18808-Ljbffr