SIEM Implementation Engineer

Foxhole Technology - Fairfax, VA


Location: HQ, Fairfax VA; various DoD and Federal organizations

Telework: Approximately 50%

Clearance: Top Secret

Foxhole Technology provides gold standard solutions and service to our customers, including but not limited to: Security Incident and Event Management (SIEM); Continuous Monitoring and Risk Scoring; Secure Configuration Management; Systems, Software and Network Engineering; Developmental Test and Evaluation (DT&E); and Authorization and Accreditation (A&A). Our in-depth expertise provides robust capabilities in penetration testing, program management and information security, as well as in all areas of cyber security engineering for DoD, Federal and civilian agencies.

Job Description
Foxhole Technology has an immediate, long-term requirement for a SIEM/Splunk Implementation Engineer to lead our SIEM teams on our DoD and Federal prime contracts. This role requires the ability to design, architect and implement Splunk solutions in support of cybersecurity and/or IT operations. Our customer base within U.S. government organizations requires a Top Secret security clearance. The focus of this role is primarily engineering, designing, implementing and providing Tier III support for medium to large Splunk deployments. The candidate must have significant experience designing Splunk solutions in a clustered, distributed environment, and be able to work collaboratively with diverse end users, as well as geographically dispersed staff across CONUS and OCONUS.

Designs new Splunk solutions based on customer requirements.
Aids customers in refining existing Splunk deployments while applying Splunk best practices.
Deploys Splunk in clustered and non-clustered environments (based on customer needs; includes indexer clusters, multi-site indexer clusters, and search head clusters).
Guides the customer and support staff to apply best practices to management of Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts).
Works with data owners and other third parties to design and implement a data pipeline using forwarders and other tools.
Works with security and other relevant stakeholders to determine high availability requirements and to develop recommendations for replication and related features.
Minimum Requirements
Strong experience and expertise engineering Splunk solutions for a variety of customers.
Experience in building Splunk Technology Add-ons and configuring field extractions for various data sources.
Experience deploying/managing Splunk indexer clusters and search head clusters.
Strong understanding of the underlying Splunk infrastructure and components (lookups, buckets, modular inputs, standard inputs, relationships between varying configuration files, etc.).
Strong Linux system administration and engineering skills; must be very comfortable administering servers from the command line and working with configuration files.
Ability to work collaboratively with a globally distributed team.
Strong sense of self-motivation; ability to identify problems and offer solutions.
Ability and willingness to learn new things.
Splunk Certified Architect required.
DoD 8570 certification in the IAT Level III and/or CNDSP tier (CISSP or CASP, and CEH), or must obtain within six months of employment.
3+ years of experience with Splunk in a distributed, enterprise environment.
7+ years of experience in a technical IT position involving systems administration and/or systems engineering.
Desired Experience/Certifications
Splunk Enterprise Security.
Splunk IT Service Intelligence.
Splunk UBA.
Experience working with other big data analytics solutions (Elasticsearch, Apache Spark, Hadoop, etc.), especially experience integrating these third-party solutions with Splunk (using pre-built integrations like Hunk, or developing your own).
Phantom or other SOAR products.
Experience with other SIEM products like ArcSight, QRadar, LogRhythm, Exabeam, etc.
More Information
Foxhole Technology Commitments

Accessibility and Accommodations
For Individuals with Disabilities, Medical Conditions, or Physical or Mental Impairments: Foxhole Technology is committed to ensuring our employment process is open to all individuals. We provide reasonable accommodations to individuals who need assistance during any part of the employment process due to a disability, medical condition, or physical or mental impairment. Reasonable accommodations are considered on a case-by-case basis. If you are selected for further consideration and need an accommodation for any part of the application or interview process, please notify your Recruiting Representative.

Equal Opportunity Employer
Foxhole Technology is an Equal Opportunity Employer. We welcome and encourage diversity in our workforce. It is the policy of Foxhole Technology to provide equal employment opportunity to all employees and qualified applicants without regard to race, color, religion, national origin, sex, age, disability, pregnancy, sexual orientation, gender identity, transgender status, genetic information, protected veteran status, or any other protected characteristic under federal, state or local laws.

Foxhole Technology participates in E-Verify.

Former Employees
We invite and encourage former employees to explore new opportunities with us. Rejoining the company can enhance newly acquired skills and build on the strong fundamental skills developed at Foxhole Technology. Employees that return to the company may be eligible for reinstatement of some benefits based on total years of service.