SIEM Engineer

The position is fully remote, but candidates must be close enough to the HHS site in Washington, D.C., to obtain their PIV card.

Job Description
Base-2 Solutions is seeking a SIEM Engineer who will provide Splunk Engineering support to partner with security tools and infrastructure management teams to administer and manage the department's Splunk solution, facilitate data ingestion, analysis, correlation, and visualizations. The Splunk Engineer will enable our customer to fully deploy a Department Security Information and Event Management (SIEM) program utilizing Splunk Enterprise Security Tools.

Responsibilities

• Design and implement a technical infrastructure based on functional requirements for new and existing Splunk instances.
• Participate in requirements gathering, architecting, building, and supporting operational teams throughout the agency.
• Design and implement content management solutions to provide search, reporting, applications, and visualizations.
• Develop guidance on data analysis and reporting, including the use of machine learning models and complex data analysis.
• Maintain, upgrade, and operate Splunk systems while providing guidance and assistance across teams.
• Integrate automation, applications, and systems monitoring.
• Provide extensive knowledge of Splunk and educate the customer's Splunk users on search, reporting, and visualization development.
• Assist with Data Enrichment to improve reporting, search, and dashboard capabilities.

Required Qualifications

• 4+ years of SIEM/Cyber Security engineering experience, as evidenced by work history.
• Flexibility to meet any threat scenario 24/7/365 as mission dictates.
• Must be a US Citizen with an active DoD Public Trust Clearance.

Desirable Qualifications

• Prefer candidate to possess one or more of the following certifications:
  • Certified Ethical Hacker (CEH) or other equivalent cyber certification(s)
  • Splunk Core Certified Consultant
  • Cribl Certified User
  • Security Tool Certifications (e.g., Cisco, Palo Alto, etc.)
• Experience integrating and using Automation tools (Ansible, Terraform)
• Experience with cloud-based technologies (AWS, Azure)
• Experience with NOC technologies and metrics
• Desire to learn advanced SOC methodologies using Splunk ES
• Experience with Security Orchestration, Automation and Response (SOAR) tools and technologies (e.g., Splunk Phantom, Ansible, Python, etc.)