Splunk Data Engineer

Quadrant, Inc.
Washington, United States of America
4 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$150K

Job location

Washington, United States of America

Tech stack

Microsoft Windows
Data analysis
Computer Security
Information Leak Prevention
Database Queries
Linux
Lightweight Directory Access Protocols (LDAP)
McAfee VirusScan
Performance Tuning
Red Hat Enterprise Linux - RHEL
Ansible
Tripwire
SC Clearance
Forescout
Information Technology
Vcenter
Nessus
3-tier Architectures
Nutanix
Splunk
User Administration
VMware

Job description

Provide overall engineering and administration in support of a very large distributed clustered Splunk environment consisting of search heads, indexers, deployers, deployment servers, heavy/universal forwarders, and Splunk Enterprise Security, spanning security, performance, and operational roles
Experience creating custom dashboards, writing queries, building and generating reports, and setting up alerts and notifications
Demonstrated proficiency with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards, searches, reports, etc. highlighting the key trends of the data
Coordinate with the SOC to build threat detection logic and dynamic operational dashboards
Implement and manage Splunk apps, queries, dashboards, alerts, and reports to provide actionable insights to various teams
Perform log auditing and log management
Work closely with the operations team to monitor systems and environments for security incidents and general security operations
Ensure SC is being updated regularly; address unsuccessful updates of the SC and identify the root cause of the unsuccessful update
Administering Red Hat Linux based systems with minimal support, to include patching, creating RPM packages, performance tuning, networking, user management (LDAP), and security
Installing, administering, and troubleshooting recent versions of Red Hat 8.x and 9.x
Managing and maintaining Red Hat Satellite/Ansible
Ability to work within VMware, vCenter and Nutanix building Red Hat systems
Creates and implements methods and procedures for inspecting, testing, and evaluating the security and effectiveness of products and production equipment
Administration/operation of information security compliance tools/platforms with a special concentration in managing the Assured Compliance Assessment Solution (ACAS) and ForeScout
Configure, operate, and maintain HBSS and its components (ePolicy Orchestrator, McAfee Agent, Data Loss Prevention, Host Intrusion Prevention System, Policy Auditor, Asset Baseline Monitor, and Virus Scan Enterprise) on Windows/Linux, creating exceptions to allow essential processes to continue uninterrupted
Provide guidance on vulnerability and malware remediation
Configure, operate, and maintain ForeScout, Tripwire and Ivanti tool suites
Identify potential conflicts with implementation of any cyber security tools within the enterprise and develop recommendations to remediate these conflicts
Assist with periodic and regular security assessments
Assist with the development and maintenance of information security policies, standards, and control procedures to enable compliance with RMF
Assist with POA&M management, mitigation statement formulation, and interfacing with system administrators to resolve open findings of high and at-risk systems

Quadrant is an affirmative action/equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, status as a protected veteran, or status as an individual with a disability. "Healthcare benefits are offered to all eligible employees according to compliance mandated by the Affordable Care Act".

Requirements

Active Top-Secret clearance with SCI eligibility
10+ years of related experience
2+ years of experience in a Splunk role working in a Splunk clustered environment
2+ years of knowledge and experience with ACAS and HBSS administration
Working experience with ForeScout
Working experience with Nessus
Experience with Tier 3 maintenance support for deployed cyber security technologies
Experience with developing and presenting vulnerability information for technical and non-technical audiences
Well-developed verbal and written communication skills
Must meet DoD 8570.01-M IAT-II baseline certification requirements such as SEC+ or equivalent
BS or BA degree in Computer Science or a related scientific discipline
