#R-00144444
News! Program is offering additional Paid Time Off or a Sign-on Bonus!**
Primary Responsibilities:
Analyze log events and other data across disparate sources; implement and leverage the latest operational capabilities (such as incident management, dashboards, and reporting); as well as Security Orchestration, Automation, and Response (SOAR) in order to resolve anomalous activity in a prescribed, repeatable, and automated fashion.
Work with stakeholders directly to build, design, deliver, re-write, and maintain efficient, reusable, and reliable security automations using Splunk SOAR.
Create custom content and playbooks that interact with other tools/devices on the network to automate security response actions based on alerts / threats.
Configure, use and maintain a stack of deployed detection technologies; ticketing system integrations, SIEM integration (i.e., Splunk Enterprise Security); Splunk Enterprise Security detections that use Risk-Based Alerting (RBA); deployment of common detection technologies across common control points, including endpoint, network, email and cloud; stream of sources identified for threat intelligence integration; identity and access management tool deployment; API compatibility across existing technologies.
Be responsible for the lifecycle of an automation playbook, from requirements gathering and planning to design, testing, implementation, and maintenance.
Create detailed technical documentation pertaining to SOAR automations and collaborate with other internal teams as part of setting up SOAR integrations.
Basic Qualifications:
Bachelor's degree with 8+ years of experience or a Master's degree with 6+ years of experience. Additional years of experience, certifications or trainings may be considered in lieu of degree.
Active DoD TS/SCI clearance.
Current IAT Level II DoD Approved 8570-M Baseline Certification (e.g. Security+ce or equivalent) or the ability to obtain within 30 days from date of offer of acceptance.
5+ years of demonstrated experience in in Splunk Security Orchestration, Automation, and Response (SOAR)/Phantom, including developing playbooks, implementing integrations and troubleshooting.
Deep understanding of Splunk Administration (not just user knowledge).
Experience performing software integrations with Trellix, Cisco, Exchange, and Windows and Linux.
2+ years of hands-on experience using Splunk for both searching data and data analysis and for passing data to SOAR.
Hands-on knowledge of programming languages, APIs, and integrations to include strong programming skills in Python for automation.
Process improvement experience.
Preferred Qualifications:
Current IAT Level III DoD Approved 8570-M Baseline Certification (e.g. CISSP or equivalent).
Splunk Certified Enterprise Security Administrator.
Experience with modeling languages like UML for structure, behavior, and interaction diagrams.
Ability to use Jira and ServiceNow for ticket tracking.
Technical writing skills for creating Standard Operating Procedures (SOPs) and other supporting documentation.
Completion of both "Developing SOAR Playbooks" and "Advanced SOAR Implementation" Training courses from Splunk.
Experience in Security Operations Center (SOC) workflows and the processes for alert triage, defining incident investigation at varying levels of severity, capturing critical metrics to measure SOC effectiveness, evaluating lessons learned after critical incidents, leveraging metrics for operational improvement, use standard incident response methodologies.
Experience in integrating MITRE ATT&CK detection framework.
NITESONI
EIO2024
Original Posting Date:
2024-09-25
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $101,400.00 - $183,300.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.