Splunk Architect

Post Date

Apr 16, 2025

Location

Morrisville,
North Carolina

ZIP/Postal Code

27560
US

Jun 23, 2025 Insight Global

Job Type

Contract,Perm Possible

Category

Architect

Req #

RAL-776133

Pay Rate

$52 - $65 (hourly estimate)

Job Description

Administer the Splunk based log management system and analyze the current logging capabilities
Ensure the Agency Information Security systems administered by the Team are sending all required logs to the log management system
Ensure the Information Security systems administered by the Team are sending all required logs to the log management system
Maintain the Log Management and Security Information and Event Management (SIEM) system to collect and aggregate IDS/IPS data from network sensors, raw data from collection agents, firewalls (including but not limited to Layer 7 application firewalls), proxy servers, DLP, antivirus/endpoint protection software, vulnerability scanners, and other important systems
Tune SIEM and IDS/Intrusion Prevention System (IPS) events to minimize false positives
Generate vulnerability tickets in Jira and ServiceNow for vulnerability remediation
Tune the capabilities as practicable to improve efficiency and ensure that reporting capabilities of the log management system are working properly
Validate that log retention requirements are configured properly within the log management system
Identify shortfalls in the current capability and identify systems that are not sending logs to the client log management system
Work in conjunction with client to develop required dashboards and Splunk Playbook
Recommend improvements to current processes
Provide technical guidance to administrators of other IT systems to ensure their logs are sent to the client log management system
Configure client log management system role-based access controls so that logs for specific systems can only be accessed by designated administrators
Integrate Qmulos with Splunk logging and manage compliance within Qmulos
Configure Splunk User Behavior Analytics in collaboration with the Security team
Working with the Security team, develop Security Orchestration, Automation and Response (SOAR) strategies

We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. The EEOC "Know Your Rights" Poster is available here.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills & Experience

7 years of experience with Splunk
Must have Splunk Architect Certification
Experience in architecture, design, support, maintenance, and expansion of an enterprise log management/SIEM infrastructure in a highly resilient configuration
Experience in monitoring an enterprise log management/SIEM server and agent infrastructure for capacity planning and system optimization
Experience in deployment, configuration, and maintenance of log forwarder agents across a variety of UNIX and Windows platforms
Experience in collaboration with a variety of IT stakeholders in design and maintenance of production-quality log management/SIEM reports and dashboards to support data analysis and visualization
Experience in creation and maintenance of documentation related to log management/SIEM infrastructure configuration and operational processes
Advanced system administration skills with Linux operating systems
Knowledge of regular expressions, scripting, and application development languages (e.g., Python, Perl, JavaScript, Linux shell scripting)
Understanding of security best practices
Experience with cloud platforms (e.g., AWS, Azure) and Splunk Cloud.

Nice to Have Skills & Experience

Knowledge of cybersecurity principles and experience in security operations.
Experience with security incident response and vulnerability management
Experience migrating from on-premises Splunk to Splunk Cloud

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.