SIEM Content Developer is responsible for developing, customizing, and configuring Splunk apps and dashboards. The candidate will build and integrate content in a Splunk Core and ES environment and provide technical support to NOC and SOC customers to detect, hunt, and mitigate cyber threats.Ability to interact with end users to gather requirements, optimize existing SIEM processes, and leverage Splunk technology to improve detection and analysis methods.Reviews and recommends cyber security solutions to customer problems based on understanding products/systems test results. Provides Splunk support and guidance to NOC and SOC analysts, improves the efficiency of NOC and SOC analysts, operates under deadlines, and can work on multiple tasks.

Job Description

• Support the day-to-day operation of a highly available distributed multi-clustered multi-tenant Splunk deployment.
• Create queries, dashboards, and visualizations to support customer requirements and monitoring of the Splunk deployment.
• Develop custom functions and data management strategies utilizing data transform capabilities and applications.
• Create and manage Splunk knowledge objects, including apps, dashboards, alerts, extractions, tags, workflow actions, and aliases.
• Develop content with regular expressions, performing data interpretation classification and enrichment.
• Develop reports for operational activities and to meet NOC and SOC customer requirements.
• Facilitate excellent problem-solving, critical thinking, and analytical skills with the ability to deconstruct problems.

Required Qualifications and Experience

• Flexibility to meet any threat scenario 24/7/365 as mission dictates.
• Must be a US Citizen with an active DoD Public Trust Clearance.
• Bachelor’s Degree in Information Technology or related field
• Four years of SIEM (e.g., Splunk) Content Development experience

Desired Qualifications

• Certified Ethical Hacker (CEH) or other equivalent cyber certification(s)
• Splunk Core Certified Consultant
• Cribl Certified User
• Security Tool Certifications (e.g., Cisco, Palo Alto, etc)
• Experience or a desire to learn advanced SOC methodologies using Splunk ES
• Experience or a willingness to learn NOC technologies
• Experience with Security Orchestration, Automation, and Response (SOAR) tools and technologies (e.g., Splunk SOAR, Ansible, Python, etc.)