Splunk Admin/SIEM (Security Information and Event Management) Engineer active TS/SCI Polygraph

Company: Leidos
Location: Alexandria
Posted on: April 1, 2025

Job Description:

DescriptionCome join our exciting and fast-growing National Security Group! $15k SIGN ON BONUS! Must have an active TS/SCI Polygraph up front to qualify (this is firm).Work locations available include: Annapolis Junction, MD; San Diego, CA; Aurora, CO; or Alexandria, VA.The Program is looking for a SIEM (Security Information and Event Management) Engineer / Splunk Admin to join a high performing agile team using the Scaled Agile Framework (SAFe) methodology to support a large, complex, fast-paced program. Program execution follows DEVOPS best practices and employs robust development, test, and production environments. We are using Behavior Driven Development (BDD) and test automation tools alongside a full suite of team collaboration tools. The program provides system engineering, development, test, integration and operational support for a program that is focused on injecting new technology and adding advanced capabilities while continuing to support an on-going mission and operational system.The selected candidate will be responsible for configuring the collection, parsing, correlation, and visualization of events for a critical operational system. In this exciting role you will demonstrate strong skills in system administration, log management, event correlation, and threat detection, and will support building and maintaining a system that analyzes collected data and derives facts, inferences, and projections to determine if the systems being monitored are operating normally; work on a team responsible for configuring the systems which support analysts and end-users; support the collection and extraction of data used to refine existing and new reports, analytics, and dashboards, and will be involved with the drafting and creation of reports and dashboards based on end-user requirements. You will also support the integration of resources across teams to better define the audit data being collected to eliminate false positives and false negatives from the data.Basic/Required Qualifications

• Bachelor's Degree in Computer Science, Engineering, Information Assurance, or a related discipline and at least 8 years of related experience. Additional experience may be substituted for a Degree.
• At least 2 years of experience with one or more of the following: StealthWatch, TripWire, Zenoss, ArcSight, Splunk.
• Splunk Certified Admin strongly preferred. If not Certified, must have extensive, in-depth experience in the engineering and administration of SPLUNK.
• Experience in design, implementation, and support of Splunk core components, including: indexers, forwarders, search heads, and cluster managers.
• Experience with configuration and administration of Splunk ingestion and forwarding for new and existing applications and data.
• Experience with troubleshooting Splunk dataflow issues between the various Splunk core components.
• Experience configuring and deploying data collection for a variety of operating systems and networking platforms.
• Experience creating Dashboards and Analytics within SIEM tools.
• Experience working with monitoring systems supporting auditing, incident response, and system health.
• Must have a solid understanding of networking components and devices, ports, protocols, and basic networking troubleshooting steps.
• Must have the ability to troubleshoot issues with log feeds, search time, and field extractions.
• Must have the ability to troubleshoot problems related to data solutions.
• If not located in Maryland, must be available to travel up to 25% of the time.Preferred Qualifications
  • Network Security Operations Center (SOC) experience.
  • Experience and talent in data visualization.
  • Extensive experience creating workflows for Incident Response within a SIEM Tool.
  • Security+ Certification.
  • GIAC Certified Incident Handler Certification.
  • GIAC Cyber Threat Intelligence Certification.
  • Cybersecurity certifications.
  • Formal SIEM training.
  • Experience working on an Agile team/program.Pay Range: Pay Range $104,650.00 - $189,175.00The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
    #J-18808-Ljbffr

Keywords: Leidos, Alexandria , Splunk Admin/SIEM (Security Information and Event Management) Engineer active TS/SCI Polygraph, Executive , Alexandria, Virginia