Expert ability to write Splunk queries, reports, and dashboards
Extensive knowledge of networks, firewalls, intrusion detection systems, web proxies, and Windows and Linux administration
Experience working in AWS including writing AWS Lambda functions
Proficiency in Python or a similar scripting language with prior system administrator experience
Requirements:
Identify and detect security incidents by daily review and analysis of system and network logs, configurations, and behavior
Lead incident response program, including writing procedures and policies, identifying gaps, and ensuring a high level of excellence and maturity
Lead incident response activities, interface with enterprise SOC, management, and system administrators, contain breaches, and direct recovery actions
Implement Security Orchestration, Automation, and Response (SOAR) playbooks using tools including AWS Lambda
Data Security Specialist (Splunk) - 100% Remote
Position Type: Full time
Start date: ASAP
Job Description
The Senior SOC Analyst will lead, implement, and enhance the incident response program and activities.
The analyst will be responsible for daily review of enterprise system logs, alerts, events, and configurations for security incidents, weaknesses, and policy violations.
The analyst will identify what types of activities need continuous monitoring and will use Splunk queries, alerts, and dashboards to provide appropriate alerting and insights.
The analyst will perform security orchestration, automation, and response activities using a variety of tools including Splunk and AWS Lambda functions.
In the event of a security incident, the analyst will be the primary investigator and interface directly with the enterprise SOC and management, providing updates on activities and recommendations for containment and recovery.
The analyst will ensure appropriate procedures and technologies are in place to prevent security breaches and provide recommendations for improving organizational application and system architectures to thwart potential compromises.
The analyst will ensure the incident response program complies with all Treasury directives, policies, and NIST guidance.
Key Tasks and Responsibilities
Identify and detect security incidents and compromises in the organization by daily review and analysis of system and network logs, system configurations, and system behavior.
Lead incident response program including writing procedures and policies, identifying gaps, and ensuring a high level of excellence and maturity.
Lead incident response activities, interface with enterprise SOC, management, and system administrators, recommend and institute preventative measures, identify causes of any breach, contain the breach, and direct recovery actions of a breach.
Implement Security Orchestration, Automation, and Response (SOAR) playbooks using a variety of tools including AWS Lambda functions.
Review system logs and behavior for policy violations and take corrective action
Write Splunk reports and dashboards in response to a variety of Infosec needs
Monitor alerts and health of a variety of endpoint security systems such as FireEye and Windows Defender
Identify system vulnerabilities and architectural or process flaws that could lead to a security incident and provide recommendations for mitigation
Education & Experience
Must be able to quickly and expertly write Splunk queries, reports, and dashboards.
Must have extensive knowledge of networks, firewalls, intrusion detection systems, web proxies, and Windows and Linux systems and administration.
Must be able to identify, understand, and mitigate system vulnerabilities and threats.
Must have experience working in AWS including writing AWS Lambda functions
Must be able to code in Python or a similar language
Must have had prior system administrator experience
Must have experience performing various types of penetration testing on systems using standard pen testing tools.
Must have extensive experience working as a SOC analyst
Possess knowledge of Federal security regulations, standards, and procedures including FISMA, FIPS, NIST, and FedRAMP
Scripting/Programming experience in Python, Perl, PowerShell or Bash.
Firewalls and internet proxy devices
Security monitoring practices
Unix or Linux shell environments
Event flows (e.g., Syslog)
Security Information Event Management (SIEM)
Experience working in a large government or corporate enterprise environment.
Certifications