Journeyman Cyber Security Engineer
Role details
Job location
Tech stack
Job description
Kentro is seeking a Journeyman Cyber Security Engineer (Splunk) to support the U.S. Special Operations Command (USSOCOM) Enterprise Development, Application and Training (EDAT) Zero Trust initiative. This position provides engineering and operational support for Splunk Enterprise and Splunk Enterprise Security (ES), assisting with the implementation, integration, and optimization of User and Entity Behavior Analytics (UEBA), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) capabilities., The Journeyman Cyber Security Engineer will work as part of a multidisciplinary Zero Trust team supporting the Department of Defense (DoD) Visibility and Analytics pillar while helping automate cybersecurity operations. This role contributes to the deployment, tuning, and maintenance of Splunk capabilities, supports RMF activities, and assists senior engineers in delivering secure, scalable cybersecurity solutions., * Support implementation, administration, and optimization of Splunk Enterprise and Splunk Enterprise Security (ES).
- Assist with onboarding, normalizing, and validating security telemetry from enterprise systems and network devices.
- Configure and tune dashboards, searches, alerts, correlation rules, and reports to improve threat detection and operational visibility.
- Support UEBA and SOAR integrations within the Zero Trust architecture.
- Assist with workflow development and automation to improve incident response and operational efficiency.
- Work collaboratively with ISSOs, cybersecurity engineers, and other government and contractor personnel supporting the Zero Trust initiative.
- Support RMF activities, including documentation updates, security control implementation, and Authorization to Operate (ATO) package maintenance.
- Assist in interpreting and implementing DISA Security Technical Implementation Guides (STIGs) and cybersecurity compliance requirements.
- Participate in security assessments, vulnerability remediation efforts, and system hardening activities.
- Troubleshoot Splunk platform issues, data ingestion problems, and integration challenges.
- Provide technical recommendations for improving security monitoring and operational processes.
- Document engineering configurations, standard operating procedures, and technical implementation guides.
- Support incident response, log analysis, and cybersecurity investigations as required.
- Collaborate with senior engineers to implement best practices and continuous improvements across the Zero Trust environment.
Requirements
- Education: Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Engineering, or a related field; or Ma/MS
- Experience: At least 3 years of relevant experience
- Technical Skills:
- Experience with Splunk administration and engineering.
- Experience with Splunk Enterprise Security (ES) operations and configurations.
- Experience with Splunk telemetry integration, workflow engineering, and tuning
- Proficiency with Unix and Windows environments.
- Certification Required:
- DoD 8570 IAT Level II/ DoW 8140 (511) or Advanced certification (e.g., CISSP), * Splunk certifications such as Splunk Certified Cybersecurity Defense Architect, Splunk Enterprise Certified Architect, Splunk Certified Cybersecurity Defense Engineer, Splunk Core Certified Advanced Power User, Splunk Core Certified Consultant
- Experience with scripting or programming languages (e.g., Bash, Python, Java, Perl, .NET).
- Familiarity with developing and deploying operational and security use cases within Splunk.
- Familiarity with DoW & NSA Zero Trust Guidance
- Familiarity with DoW RMF ATO process and answering controls
- Familiarity with USSOCOM SOFNET