SOC Content Engineer w/splunk - Fully Remote

Posted 12 days ago United States Salary undisclosed

Job Description

DTJP
Job Title: SOC Content Engineer w/Splunk
Hours: Standard
Est. Duration: 1 year + intent to extend based on performance
Location: Fully Remote

Candidate should have a strong background in the following:
- Splunk power user or extensive experience with Splunk, including dashboard and alert creation
- Strong SIEM configuration/maintenance experience
- Experience with Splunk log ingestion
- Strong network analysis, packet captures, IDS/IPS
- Strong MITRE ATT&CK framework knowledge, able to translate techniques into Splunk alerts

US CITIZENSHIP REQUIRED AND W2

PLEASE USE THESE PRE-SCREEN QUESTIONS AND ATTACH TO SUBMISSION

Q1: How would you investigate a phishing email?
Q2: When investigating suspicious web traffic, what do the status codes 200, 302, or 400 mean?
Q3: Can you provide an example Splunk query where you have an endpoint log source and we want a unique list of hostnames that triggered EventCode 4625?
Q4: Scenario based: A user reports that his computer is acting strangely and requests that CSIRT investigate what the issue is. He provides the IP address of his laptop, which is running Windows 10. Assume the analyst has access to all the security tools and is not allowed to communicate with the user; the investigation must be performed using security tools only. Walk us through the steps you would take to investigate this issue.

Job Description:
The SOC Content Engineer supports the mission of the Security Operations Center. The Content Engineer will work within the Cybersecurity organization to assist in onboarding system and application logs into the Security Information and Event Management System (SIEM). They are responsible for collaborating with the Incident Response, Threat Intelligence and Vulnerability Management teams to develop alerts, reports, dashboards and Indicators of Compromise (IOCs).

Skills/Qualifications:
- Prior work experience in a SOC and as a Threat Intelligence or Incident Response Analyst
- Strong knowledge of adversary cyber threat actors, including Advanced Persistent Threat (APT) actors, cybercriminal groups, hacktivists, and insider threats
- Working knowledge of Splunk dashboard creation, search and reporting; Splunk Power User certification a plus
- Experience in onboarding and creating content for both on-premise and SaaS applications
- Knowledge of and experience with standard network logging formats, network management systems, network security monitoring systems, security information and event management, network packet analysis tools and forensic analysis tools
- Knowledge of and experience with web proxies, firewalls, IPS, IDS, mail content scanning appliances, enterprise antivirus solutions, network analyzers, and domain name servers desired
- Strong knowledge of the various cyber threat intelligence models a must, such as:
  - Working knowledge of the Cyber Threat Kill Chain
  - Working knowledge of the MITRE ATT&CK Framework
- Strong knowledge of the various structured analytic techniques a must, such as: Key Assumptions Check, Analysis of Competing Hypotheses (ACH), High-Impact/Low-Probability Analysis
- Demonstrated knowledge in one or more of the following areas: network security principles, host-based security principles, network and system administration, forensic analysis principles, cyber threat intelligence principles, and/or counterintelligence operations
- Proven analytical and report-writing abilities
- Able to manage competing priorities and work efficiently under pressure
- Coding and scripting experience a plus

Basic Qualifications:
- Bachelor's degree or equivalent work experience
- Individuals with CISSP or Security+ certifications
- Knowledge of Federal compliance requirements and frameworks, including DFARS, ITAR, NIST 800-171, and CMMC Level 3 helpful
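As an added illustration for pre-screen question Q3 above (this is not part of the posting), the SPL below assumes the Windows Security log is indexed in index=wineventlog with sourcetype=WinEventLog:Security, as the Splunk Add-on for Microsoft Windows produces it, and that the failure threshold of 20 is a constructed value to be tuned per environment.

```spl
`comment("Unique hosts that logged a 4625 failed logon, with counts and first/last seen per host")`
index=wineventlog sourcetype=WinEventLog:Security EventCode=4625
| stats count AS failed_logons, min(_time) AS first_seen, max(_time) AS last_seen BY host
| convert ctime(first_seen) ctime(last_seen)
| sort - failed_logons

`comment("Alert variant: same source, but only hosts with many failures in the search window (threshold of 20 is an assumed, constructed value)")`
index=wineventlog sourcetype=WinEventLog:Security EventCode=4625
| stats count AS failed_logons, dc(Logon_Type) AS logon_types BY host
| where failed_logons > 20
| eval attack_technique="T1110 Brute Force"
| table host, failed_logons, logon_types, attack_technique
```

The literal minimal answer to Q3 is the same base search followed by `| dedup host | table host`; the stats form keeps the counts and timestamps an alert or dashboard needs.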