Remote: N
Salary: $80-90/hr
Location: Dulles, VA
Clearance: Secret
The Continuous Diagnostics and Mitigation (CDM) Data Integration Engineer will assist with the integration of CDM data sensors with the CDM data aggregator. The Engineer will be responsible for working with the product SMEs for Tenable Security Center, Forescout CounterACT, McAfee ePO, and SailPoint IdentityIQ technologies to manage the data connections to Splunk. While these are the currently defined CDM tools, the Engineer will be responsible to integrating any new CDM data sources.
Required Certifications: AWS Certified Security-Specialty Certification or AWS Certified Solutions
Desired Certifications: CCISP • Splunk Core Certified Power User • Splunk Enterprise Certified Admin
- Two years of related work experience may be substituted for each year of degree level education.
- A Master’s degree in a related discipline may substitute for two (2) years of experience.
- A PhD may substitute for four (4) years of experience.
Qualifications:
- Must be a US Citizen
- Must have an active SECRET clearance with ability to obtain a TS/SCI
- Must be able to obtain DHS Suitability prior to starting employment
- Required Education: Bachelor’s degree in Systems Engineering, Computer Science, Information Systems or related technical field.
- Required Certifications: AWS Certified Security-Specialty Certification or AWS Certified Solutions
- 8+ years of related experience directly relevant cyber security engineering experience Splunk design/implementation and support effort
- Splunk Power User skills to include:
- Ability to create regex searches
- Ability to create lookups
- Ability to create summary indexes
- Ability to create statistical reports and graphs
- Ability to configure DBConnect app o Ability to configure Tenable Add-On app
- Ability to maintain data models
- CDM Sensor technologies capabilities and data knowledge:
- Tenable Security Center/Nessus – for vulnerabilities and configuration monitoring
- Forescout CounterACT – eyeSight, Splunk HTTP event forwarder, DEX connector
- McAfee ePolicy Orchestrator applications – Application Control and Policy Auditor o SailPoint IdentityIQ
- Communication skills to include:
- Updating system documentation
- One-on-one training of product SMEs via virtual and on-premise communications
- Assist large group training of CDM data usage via virtual and on-premise communications
Desired Skills:
- Experience in the following AWS technologies: Lambda, EMR, CloudFormation, CloudTrail, CloudWatch, Route53, IAM, Cognito, Athena, Sagemaker, Glue, ELB
- Familiarity in the following AWS technologies: GuardDuty, Security Hub, Config, SSM, SNS, SQS, S3/Glacier, KMS, Certificate Manager, Secrets Manager, CLI, EC2, EBS, WAF Security Groups, NACL, VPC, Availability Zones
- Familiarity with the following technologies in a cloud environment: Elk Stack (ElasticSearch, Logstash, Kibana), Ansible, Nessus, ClamAV, AIDE, Splunk, DNS, NAT, git
- Azure cloud technology knowledge and implementation experience
- Experience with AWS technologies, and migrations from on-prem to AWS
- Experience with agile tools, including Jira and Jira Align
Responsibilities:
- Mapping CDM data types to data elements within the CDM sensors
- In collaboration with the product SMEs, determine the best integration method between the CDM sensors and Splunk
- In collaboration with the product SMEs, create the appropriate reports and data exports for their technology
- In collaboration with the Splunk SME, integrate the CDM sensor data into the CDM Splunk repository
- In collaboration with parent CDM organization, create data export processes to allow data to flow from the local CDM data repository to the parent CDM organization
- Support the product SMEs to update CDM sensor data collection and formatting as agreed upon with parent CDM organization
- Validate and monitor data quality within the CDM repository.
