Detection Engineer

Overview

Edgewater is seeking a Detection Engineer to support the Security Program Support Services team of the National Institute of Health (NIH). As a Splunk User and Entity Behavior (UBA) Engineer, you'll join a Cyber Security Ops organization that supports a leading federal healthcare client.

Responsibilities

• Maintain and operate Splunk application monitoring tool as part of the client Cybersecurity network and application audit and monitoring program within the Threat Monitoring and Incident Response (TMIR) team.
• Apply strategic, operational, and tactical cyber intelligence to improve security operations.
• Lead and/or support efforts to prepare for, monitor, detect, analyze/confirm, contain, remediate, and recover from security incidents.
• Develop & Implement Actionable Alerts and Workflow for Splunk as a CISO Monitoring tool.
• Develop and Implement Apps & Knowledge Objects (KO) like Dashboards, Reports, Data Models.
• Provide Analyst training and workshops on using Splunk.
• Develop and implement automation and efficiencies with Splunk.
• Communicate with customer stakeholders to include leadership, support teams, and system administrators.
• Conduct deep analysis and hunting operations.
• Configure incident response and remediation workflows for ES.
• Perform TMIR technical writing and creation of formal documentation such as reports, training material, and architecture diagrams.
• Develop and build excellent relationships with prospects, clients, and internal team members.
• Co-lead client calls and communications including the development of presentations, status reports, and requirements documents.
• Ability to take direction and achieve quality results, independently strive for personal excellence when completing tasks.

Qualifications

• U.S. Citizenship is required per contract to obtain and maintain a U.S. security clearance.
• Experience in a rapid paced, time sensitive, high-quality environment.
• At least 5 years of strong problem-solving capabilities and the ability to effectively communicate solutions.
• One or more certifications in information security (such as GCIA, GCIH, CEH, CISSP, SSCP, Sec+, etc).
• Sound cyber security knowledge foundation, to include understanding of:
  • Strong understanding of Adversary TTPs, Network & Host Security
• At least 5 years of Splunk and SIEM experience.
• At least 3 years of Trend spotting, identifying intelligence knowledge gaps, and performing analysis on threat data.
• High technical ability/aptitude, demonstrated through prior technical experience and accomplishment.
• At least 3 years of Endpoint/host forensics experience.
• Excellent verbal, written, and interpersonal skills (command of English language).
• Strong written and verbal skills to effectively communicate at all levels in government and industry.
• Exceptionally self-motivated, directed, and detail oriented.
• Must be able to learn, understand and apply new technologies.
• Excellent organizational, analytical and problem-solving abilities.
• Working knowledge of Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, and SharePoint).
• At least 3 years of Experience in a rapid paced, time sensitive, high-quality environment.
• History of ethical performance.
• Exhibit considerable client delivery, business development, and proposal development experience.
• Strong management, teamwork, and interpersonal skills against difficult due dates and timelines.
• Strong customer service focus to meet the needs of internal and external customers.
• Professional, pleasant, and polished demeanor.
• Ability to work collaboratively with others.
• Ability to maintain confidentiality of sensitive information within and external to EdgeWater, using own judgment.
• Strong eye for small details that make a difference.

Desired:

• Ten or more years of cyber security work experience in Threat Hunting, Splunk Content Development, and Incident Response.
• Active Public Trust clearance.
• Experience and effective participation in hunt, computer network defense, real-time analysis and incident response activities, to include ability to reconstruct events from network, endpoint, and log data.
• Experience and understanding of host-based/endpoint protection systems.

Salary

$120,000 - $140,000