Edgewater Federal Solutions is currently seeking a Senior Detection Engineer to provide support to an Edgewater Federal government contract. The Senior Splunk Detection Engineer will be leading the detection strategy for a large government enterprise. They will help create a robust proactive approach for detecting a wide variety of threats utilizing a range of cyber security tools and data sources.
Responsibilities
- Implement and lead detection engineering program
- Identify detection gaps, make recommendations for addressing those gaps and track projects to completion
- Evaluate data sources and data quality and make recommendations for improvements
- Drive the maturity of the detection engineering capability forward
- Lead a team of 2 to 5 junior detection engineers
- Contribute to the integration of detection engineering with other cybersecurity capabilities, such as SOC, IR, CTI, Threat Hunt and Red Teams
- Act as a Subject Matter Expert in Splunk. Provide Analyst training and workshops on using Splunk. Make recommendations for best practices in developing Splunk detection content.
Qualifications
- Bachelor’s degree in a technical field and 10 years’ experience. (Additional education and/or experience may reduce these requirements)
- At least 5+ years in a detection engineering role
- U.S. Citizenship is required per contract to obtain and maintain a U.S. Security clearance.
Splunk Experience
- Splunk expert with years of hands-on experience
- Develop and maintain quality queries, dashboards, custom views, saved searches and alerts for internal technical operations team business application owners
- Experience with Splunk Enterprise Security
- Strong understanding of data normalization concepts and how to implement them in Splunk
Detection Engineering Experience
- Expert level understanding of a variety of detection strategies and how to implement them in a large enterprise organization
- Solid understanding of MITRE ATT&CK and how to map detection coverage
- Experience working in a Detection as Code environment
- Thorough understanding of modern cybersecurity threats against large enterprise organizations including cloud, identity, endpoint and network
Leadership Experience
- Experience leading small teams of cybersecurity professionals.
- Strong analytical, documentation, and communication skills and the ability to collaborate well in a dynamic team environment.
Desired Qualifications
- Relevant Splunk certifications
- Network signature creation
- Knowledge of KQL
- Experience with a variety of EDR tools
- Familiarity with other SIEM platforms
- Cybersecurity automation and scripting using Python
- Tool integration and event correlation with differing APIs
- Previous experience working in a 24x7 SOC environment
- Previous experience in Incident Response roles
Salary: $150,000.00 - $200,000.00
Additional Benefits:
- Paid Time Off & Holiday Pay
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Disability, Life Insurance, and AD&D
- Flexible Spending Accounts
- Pre-Tax 401K and/or After-Tax Roth IRA (with employer matching contribution)
- Tuition and Technical Training Reimbursement
- Exercise Reimbursement
- Computer Reimbursement
- Employee Assistance Program
About Us:
Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2024.
It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other statuses protected by applicable law.