Splunk Content Developer/Consultant in McLean, VA at Booz Allen Hamilton Inc.

Date Posted: 11/13/2018

Job Snapshot

  • Employee Type: Full-Time
  • Location: McLean, VA
  • Job Type:
  • Experience: Not Specified

Job Description

Job Number: R0034501

Splunk Content Developer/Consultant

Key Role:

Work as part of an integrated and growing team to develop a new solution to monitor and detect Cybersecurity threats in Industrial Control System (ICS) environments. Work with a team of industrial, Splunk, and Cybersecurity experts to develop use cases, data models, and connectors within Splunk to meet the product's overall objectives. Work with clients across the commercial and government space to pilot the solution in real-world environments. Contribute to the overall success of the product roadmap leading up to a successful general availability release in the coming year. Act as a Splunk Search Language (SPL) expert, developing network or endpoint-based anomaly detection alerting logic in SPL and building dashboards to visualize results. Conduct research in security principles, host- and network-based security technologies, industrial control system devices, machine learning algorithms, and attack and mitigation methods. This position requires travel based on client and project needs.

Basic Qualifications:
- 3+ years of experience with Splunk, network security, and system security and supporting security event management tools, including SIEMs
- 2+ years of experience with rule and advanced logic creation in Splunk
- Experience with using scripting languages to automate tasks and manipulate data
- Experience with working in a large enterprise environment
- Experience with integrating solutions in a multi-vendor environment
- Knowledge of enterprise logging with a focus on application logging
- Knowledge of regular expressions
- Ability to obtain a security clearance

Additional Qualifications:
- Experience in an incident response role, including performing hunt activities
- Experience with enterprise-scale operations and maintenance environments
- Experience with operational technology (OT) or industrial control systems (ICS)
- Experience with programming a plus
- Experience with Python
- Experience with various security tools, including Wireshark, Nessus, Nmap, Burp, Proxy, or Snort
- Knowledge of networking protocols
- Ability to be a Splunk language (SPL) expert
- BA or BS degree in CS, IT, or a related field
- Splunk Power User or Architect Certification

Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.
