ASRC Federal is seeking a Splunk User Behavior Analytics (UBA) Cybersecurity Engineer II this individual will be responsible for designing, implementing, and optimizing Splunk User Behavior Analytics (UBA) solutions within the DMDC's cybersecurity operations. This role plays a crucial part in threat detection, incident response, and the overall security posture by leveraging automation and machine learning to detect, investigate, and mitigate potential cyber threats.
Key Responsibilities
Design and deploy Splunk UBA solutions to enhance cybersecurity capabilities.
Develop and maintain Splunk dashboards , alerts, and reports for real-time monitoring and threat analysis.
Integrate UBA with various security tools to automate repetitive tasks, such as incident triage and response.
Utilize machine learning models to identify anomalous behavior patterns and potential insider threats.
Collaborate with SOC teams to respond to security incidents, leveraging SOAR for faster and more effective remediation.
Create and optimize playbooks to automate response workflows and reduce incident response times.
Ensure the Splunk UBA system is running efficiently, identifying and troubleshooting any performance issues.
Document processes and workflows for SOAR automation, ensuring scalability and flexibility in the cybersecurity framework.
Conduct regular security assessments to ensure Splunk UBA configurations align with industry standards and DMDC security policies.
Ensure SIEM technologies are integrated & utilized to protect cyber related assets
Defining how logs should be parsed
Writing new correlation searches and Splunk queries
Onboarding of new data sources into the SIEM
Integration of security and system relevant data according to requirements
Install, Operation, and Management of the SIEM platform in terms of content and usability
ASRC Federal Advantages
Learning and Development: After 90 days of employment, regular full-time employees are eligible to participate in our professional development program including funds annually to go towards Associate's, Bachelor's or Graduate Degrees; Industry standard professional certification; A professional certificate program; Continuing education classes; and Registration fees to attend professional conferences.
Employee Resource Groups: That provide our employees the opportunity to collaborate and network with colleges with common interests, backgrounds, and experiences including Women's Impact Network (WIN), Multicultural ERG, Military Community (MILCOM), and Pride ERG for LGBTQ+ employees and allies.
Purpose Driven Careers: Certified Great Place to Work; Certified Military Times' 'Best for Vets' and Military.com 'Top 25 Veteran Employer.'
Benefits: Comprehensive insurance packages including medical, dental, vision, life insurance, and short term/long term disability, as well as a 401K with generous company match and immediate vesting.
#broadleaf
Requirements :
Required Qualifications *: *
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field. Equivalent work experience may be considered.
Demonstrate and maintain knowledge to meet DOD 8140 requirements through education, training, or personnel certification such as but not limited to an active DoD 8570 IA baseline security certification
5+ years of experience in cybersecurity operations, with specific expertise in Splunk and UBA technologies.
Strong knowledge of SIEM (Security Information and Event Management) systems and the role they play in threat detection and response.
Expertise in scripting languages such as Python , PowerShell , or Bash to automate security tasks.
Experience with security frameworks such as NIST, MITRE ATT&CK, or ISO 27001.
Knowledge of network security protocols , firewalls, IDS/IPS, and endpoint protection solutions.
Strong understanding of cyber threat intelligence and how it can be applied to detect and mitigate cyber risks.
Active secret clearance is required
Preferred Qualifications *: *
Splunk certifications (Splunk Enterprise Certified Admin, Architect, or Consultant).
Experience with cloud security , particularly within OCI environments.
ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
S:SKINTVAGP1
