• Security Information and Event Management Support

    Job Locations US-MD-Woodlawn
    # of Openings
    2
    Category
    Information Technology
    Agency/Project
    SSA
    Job ID
    2018-2601
  • Overview

    OBXtek Inc. is an established award-winning business providing information technology and professional management services to the federal government. OBXtek is a leader in its field and is committed to identifying, developing, and delivering innovative, mission-focused technical and logistical solutions to over 15 civilian and military partners in the Federal Government.


    As a prime contractor for 93% of our current work, we possess a robust corporate infrastructure that provides management oversight and support for all our programs. OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO to create processes that leverage best practices and result in novel, successful solutions.

    Responsibilities

    OBXtek is currently staffing a Security Information and Event Management Support person to support SSA's OIS division in developing and supporting the Security Operations Center (SOC) Splunk environment. Splunk software captures, indexes, and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations.

    SIEM Management

    Activities:

    • Create and use Splunk queries and dashboards to identify, categorize, and, if needed, escalate events of interest and manage event data streams;
    • Tune and maintain the Splunk environment;
    • Manage access to the Splunk Enterprise Security Application; and
    • Research and implement advanced event correlation techniques to identify Advanced Persistent Threat and “Zero Day” attacks.

    Splunk Workflow and Content Management

    Activities:

    • Integrate new log sources and data correlation rules into the Splunk environment;
    • Configure and customize existing and new systems and applications; and
    • Advise the agency on matters related to Splunk and security architecture.

    Perform 3rd Tier Security Incident Support

    Activities:

    • Analyze new security incidents when 1st- and 2nd-tier troubleshooters are unable to determine the cause; and
    • Recommend a course of action to SOC staff and agency management staff.

    Ad Hoc Programming and Script Customization

    Activities:

    • Create ad hoc programs for specific Splunk workflow improvements using PHP, Perl, Batch, Regex, and shell;
    • Modify existing code and scripts (PHP, Perl, Batch, Regex, shell) to reflect changing work environment;
    • Optimize existing code and scripts (PHP, Perl, Batch, Regex, shell) to reflect changing work environment; and
    • Customize existing applications using programming language (PHP, Perl, Batch, Regex, shell).

    Develop Threat Intelligence Feeds and Mature Existing Feeds

    Activities:

    • Identify sources that provide Open Source Intelligence (OSINT) that is relevant to SSA systems;
    • Integrate these feeds into Splunk;
    • Design and publish Situational Report (SITREP) reports for both system admins and SSA executive staff;
    • Develop a process to integrate and respond to US-CERT SAR reports; and
    • Develop an impact assessment report for threat feeds and Advanced Persistent Threats (APT).


    Qualifications

    • Experience: A strong background in Splunk is desired; Splunk certifications are a plus.
    • 10 years of technically related experience.
