Sr Engineer - Knowledge Manager (2)

Company: Matlen Silver
Location: Marietta
Posted on: March 26, 2020

Job Description:

Location Marietta, GA Data librarian Interface with anyone onboarding new data Evaluate people in a security context 3-5 years experience Splunk experience Scripting, programming experience Interfacing with a lot of team Data mapping Information model Top skills Splunk, creating custom dashboards and apps within Splunk, creating custom analytics, proficient in scripting languages Job Description The Security Analytics Knowledge Manager responsible in building and maintaining an information repository designed to capture all relevant data records associated with various security controls and technologies. This information repository will be used to capture structured data elements used to provide valuable contextual enrichment of cyber security s asset and application data warehouse and SIEM environment. The knowledge manager will also be responsible for deploying various Splunk related configuration (knowledge objects) as it relates to the common information model. As new security relevant data sources are on boarded to Fiserv s Splunk environment, the knowledge manager will be responsible for assuring that the data is complete, accurate, and parsed in accordance to the common information model used by CSIRTSOC consumers. This position will also involve participation in major initiatives such as the EAM (enhanced application monitoring) program as well as other focused efforts related to analysis, design, and the implementation of advanced business logic leveraging Splunk based solutions. Job Specific Responsibilities Engage in data lifecycle management of new data sources onboarded into Splunk and assuring knowledge object configurations to adhere to a CIM (Common Information Model). Deploy and manage custom Splunk solutions leveraging various Splunk knowledge objects such as, but not limited to, lookups, summary indexes, field extractions, reports, alerts, workflow actions, and dashboards. Interact with various cyber security teams in performing information collection, data onboarding, data analysis, and data quality assurance. Assist cyber security end users to create, test, and implement custom Splunk search queries and dashboards to meet operational, tactical, and strategic metric reporting needs. Contribute to creating advanced correlation business logic authoring in relation to SOC use case monitoring and security program governance reporting. Coordinate efforts related to the ingestion of application logs from multiple line of business application owners. Collaborate with various teams to collect, document, and maintain a system of record for security control and technologies. Recommend, design, test, and implement best-in-classbest practice Splunk solutions for new use case requirements defined by cyber security partners. Preferred Qualifications Bachelor's degree in Computer Science, Engineering, Information Technology, Cyber Security, or related field. Minimum of 5+ years of professional experience in ITSecurity industry space. 3-5 years of experience working with Splunk Enterprise and Splunk Premium apps, DB Connect and Splunk Enterprise Security, ELKElasticsearch, at multiple client environments. 4-5 years of experience with engineering and administrating large distributed clustered Splunk environments consisting of search heads, indexers, deployers, deployment servers, heavy forwardersuniversal forwarders. Minimum of two years of demonstrated experience in an information security technical role (engineering or operations) supporting high transaction volume-oriented business customers, preferably at financial institutions. RegexScriptingprogrammingRDBMS knowledge (shell, batch, perl, python, php, Oracle, MSSQL, others) Familiarity with cloud-based and on-premise multi-platform environments with key understanding of operationalsecurity risk considerations. Possess strong analytical, technical, and problem-solving abilities. Strong sense of self-motivation ability to identify problems and develop solutions. Ability to manage time and priorities with multiple concurrent tasks and projects. Desired Knowledge, Skills, Abilities Understanding of cyber security threat modeling frameworks such as, but not limited to, MITRE ATTCK and Cyber Kill Chain. Fundamental knowledge of firewalls, networking, operating systems, databases, and storage, and applied information security technologies including, but not limited to, intrusion detectionprevention systems, endpoint management, network security, identify management, content filtering, main frame security, web application firewalls, email security, anti-virus, and business fraud monitoring. Experience working with open-sourced solutions related to SIEM and log event management solutions such as, but not limited to, Alien Vault, ELK stack, and e.g. is strongly desired. Experience working with BI visualization technologies such as, but not limited to, Tableau, Power BI, Cognos, e.g. is a plus. Experience working with industry leading document management systems such as Sharepoint, Confluence, e.g. Experience using SQLODBC interfaces and app development using REST API frameworks is a plus. Current Splunk Core Admin Splunk Core Architect certification desired. Other security certifications (e.g. Cisco Certified Network Associate (CCNA) Security, Security Essentials Certification (GSEC), GIAC Certified Enterprise Defender (GCED), Certified Perimeter Protection Analyst (GPPA), and Certified Information Systems Security Professional (CISSP)) is a strong plus.

Keywords: Matlen Silver, Marietta , Sr Engineer - Knowledge Manager (2), IT / Software / Systems , Marietta, Georgia