What are the responsibilities and job description for the Splunk SOAR SME position at Edgewater Federal Solutions, Inc.?
Overview
Edgewater Federal Solutions is currently seeking a Splunk SOAR SME to provide support to an Edgewater Federal government contract. We are looking for a highly skilled and experienced Splunk SOAR / Playbook Subject Matter Expert to join our cybersecurity team. The ideal candidate will have extensive expertise in designing, implementing, and optimizing playbooks within the Splunk SOAR platform to automate incident response and enhance our Federal client organizations' security posture.
**Due to the nature of the customer and work, US Citizenship is required**
Responsibilities
- Apply advanced consulting skills and technical expertise to work with Federal clients in support of new automation capabilities within client development and production environments.
- Work with Edgewater cybersecurity teams, and Federal teams, to identify the right recommendation of tools, techniques, and procedures to translate the client’s needs and future goals into a plan that will enable secure and effective solutions.
- Customize and tailor existing playbooks and develop new ones based on organizational requirements, ensuring they align with security policies and standards.
- Take a critical approach to solution design, identifying gaps, providing alternatives, and customizing solutions to maintain a balance of security and business needs.
- Consult and lead vulnerability identification, new threat exposures, and emerging security technologies.
- Integrate playbooks with various security tools, platforms, and technologies to create a seamless and effective incident response workflow.
- Work with Stakeholders to design, build, deliver, re-write, and maintain efficient, reusable, and reliable security automation using Splunk SOAR.
- Integrate Splunk SOAR with third-party APIs and third-party services to connect them to the SOAR platform.
- Create detailed and comprehensive documentation for playbook usage, usage guidelines, troubleshooting steps, and best practices.
- Maintain accurate and up-to-date documentation to support automations.
- Follow all change management processes and requirements as part of setting up SOAR integrations.
- Develop and present status updates to Federal Leads.
Qualifications
Basic Qualifications:
- Strong written and oral communication skills; ability to develop PowerPoint presentations and present to Federal clients.
- Technical writing skills for creating supporting documentation.
- Strong understanding of IT security concepts.
- Familiarity with enterprise change management.
- Strong deductive reasoning and critical thinking skills.
- Strong organizational skills.
Desired Skills:
- 10 years of experience with cybersecurity in SIEM, Incident Response, Threat Intelligence, Infrastructure Security, Network Security, Applications or Systems Security, or Security Operations.
- 10 years of experience with Splunk Development or Splunk SOAR.
- Information Security certifications such as Security+, CISSP, GIAC, or other cybersecurity certifications.
- Bachelor's degree in Cybersecurity, Computer Science, or another related discipline (additional years of experience may be substituted in lieu of this requirement).
- Experience with third-party integrations.
- Strong scripting and programming skills (e.g. in Python or PowerShell) for customizing and automating Splunk SOAR workflows.
- Experience with major integration applications, including integrating tools, designing, writing playbooks, troubleshooting, training, or supporting technical requirements.
- Ability to produce new playbooks and automate manual security operations procedures from the backlog, and to automate and orchestrate incident response processes based on requirements from security operations teams and as new security tools and controls emerge in the marketplace.
- Ability to help manage an inventory of integrations that enable broader playbook creation.
- Ability to work on developing connectors with tools to effectively enable end-to-end automation of security operations procedures.
- Ability to use JIRA and/or ServiceNow for tracking tickets.
- Experience with log management platforms, including Splunk, ELK Stack, or similar.
- Experience with cybersecurity tools including Splunk, FireEye, Microsoft MDE, ServiceNow, Palo Alto, Cofense, Azure, GCP, and AWS.
Location: Bethesda, MD (Remote work option available)
Clearance: U.S. Citizenship required and ability to attain a Level 6: Public Trust - High Risk clearance, which requires a Suitability Determination that includes a Background Investigation (BI) with Periodic Reinvestigation (PRI) every ten years.
It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other status protected by applicable law.