Energy Jobline
Energy Jobline is the largest and fastest growing global Energy Job Board and Energy Hub. We have an audience reach of over 7 million energy professionals, 400,000+ monthly advertised global energy and engineering jobs, and work with the leading energy companies worldwide.
We focus on the Oil & Gas, Renewables, Engineering, Power, and Nuclear markets as well as emerging technologies in EV, Battery, and Fusion. We are committed to ensuring that we offer the most exciting career opportunities from around the world for our jobseekers.
Title:
Splunk Architect
Location:
Fort Meade, MD or San Antonio, TX
US Citizenship:
Required
Clearance:
TS/SCI w/CI polygraph
Responsibilities
Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components
Develop custom scripts that support automation for data pipeline health and status, data ingest, and/or support services that must be monitored and optimized
Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs)
Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies
Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts
Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK
Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering
Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and industry trends, sharing relevant information with the SOC team
Serve as Tier-3 escalation for major incidents, craft investigation SPL queries and timeline reconstruction
Design, deploy, and maintain Splunk Enterprise/Cloud architectures (indexer & search head clustering, cluster master/manager, deployer, DS/CM, MC)
Requirements
Bachelor's degree in IT, cybersecurity, or related technical field (an additional 4 years of relevant work may be substituted for a degree)
Minimum of seven (7) years of experience in security engineering/operations, including at least three (3) years architecting and administering Splunk Enterprise or Splunk Cloud at scale (multi‑TB/day or multi‑site)
Hands‑on purple teaming experience, including two (2) years of planning/executing ATT&CK‑aligned adversary emulation with measurable detection outcomes
Proficiency in programming or scripting languages such as C, C++, Python, Bash, and PowerShell
Strong understanding of operating systems, networking protocols, and software exploitation techniques
Familiarity with threat intelligence frameworks such as MITRE ATT&CK and the Cyber Kill Chain
Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner
One of the following (or equivalent) demonstrating Splunk proficiency: Splunk Core Certified Power User or Splunk Enterprise Administrator
Security certification signaling detection/operations skill such as GCDA, GCIA, GMON, GXPN or OSCP
Experience with monitoring threats through Tactics, Techniques, and Procedures (TTPs) and how they map to the MITRE ATT&CK framework
Ability to train and mentor staff and bring awareness to current and emerging threats
TS/SCI clearance with a CI polygraph
Equal Opportunity Employer/Veterans/Disabled
Job Posted by ApplicantPro
If you are interested in applying for this job please press the Apply Button and follow the application process. Energy Jobline wishes you the very best of luck in your next career move.