Back to all jobs

Splunk Content Developer, Senior

Booz Allen

Nov 23

Splunk Content Developer, Senior

Key Role:

Support monitoring, detection, and analysis of security alerts, events, incidents, and potential threats to a client enterprise environment. Work collaboratively within a team to analyze, understand, mitigate, and respond to security events and threats. Perform remediation and triage activities that will seek to limit impact to operations caused by the incident. Analyze alerts, events, and incidents to figure out event details, including systems affected and assist in recovery efforts. Use threat intelligence, event data, and assessments from events, and identify patterns to understand threat actors’ goals to stop them from succeeding.

Basic Qualifications:

  • Experience as a security analyst in a security operations center (SOC) environment supporting large data sets
  • Experience with analyzing cyber incidents or malware
  • Knowledge of security operations service capabilities, including monitoring, detection, analysis, incident response, solutions architecture, engineering, tool deployment, integration, and support
  • Knowledge of the integration of threat intelligence, threat hunt, forensics, and malware analysis into security operations
  • Ability to use Splunk or SIEM tools for development or analysis
  • Ability to obtain a security clearance
  • Bachelor's degree

Additional Qualifications:

  • 3+ years of experience developing custom Splunk dashboards, including SPL and XML, apps, ES alerts and technical add-ons for IT operations and security use cases
  • 1+ years of experience developing Phantom playbook
  • Experience developing complex queries using Splunk Query Language for use in advanced dashboards and custom Splunk applications
  • Experience with automating common repeatable tasks using Phantom SOAR capabilities
  • Experience with security solutions, including SIEM, IDS/IPS, DLP, EDR, deep-packet analysis, FW, log analysis, malware analysis, and other open-source tools
  • Ability to review ingested data for accuracy to ensure all data is indexed properly and data feeds are sending logs in a timely fashion
  • Ability to perform data transformation using Splunk Query Language for custom Enterprise Security notable events and security monitoring use cases
  • Ability to support Information Security / Cyber Threat Use Case Content Development and data visualization
  • Ability to communicate with management and other technical subject matter experts and operators
  • Ability to define problems, collect data, establish facts, and draw valid conclusions
  • Possession of advanced troubleshooting and problem-solving skills, evidence of skills, including analyzing information technology issue, evaluation alternatives, and making logical recommendations based on findings

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.