Requisition Number: SECUR02837
Job Title: Security Engineer II
Location: Herndon, VA 20170
Clearance Level: Background Check
Certification(s): Linux or Splunk certification (preferred)
**Selected applicants may be subject to a government security investigation and must meet eligibility requirements for access to classified information.**
The Smithsonian Institution is a public trust whose mission is the increase and diffusion of knowledge. The Smithsonian was established by the United States Congress and includes 19 museums, the National Zoological Park, 9 research centers and numerous research programs.
The Smithsonian’s assets include a variety of critical information resources, such as collections information, digital collections, research data, intellectual property, donor information, financial data and transactions, computing assets (hardware and software), etc.
The Security Operations Center (SOC) in the Office of Chief Information Officer (OCIO) provides key security operations capabilities to protect the Smithsonian’s network and systems from possible cyber attacks. These capabilities include detecting, monitoring, and responding to potential malicious activities which could result in the compromise of Smithsonian information or services. Capabilities covered by the SOC include vulnerability management, perimeter and end-point protections, audit log and event management and Incident Response (IR). The SOC maintains and uses various security tools to support these capabilities including, but not limited to, Splunk, Nexpose, Qualys, F5 web application firewall (WAF), Fortinet Fortigate firewalls, Cylance anti-virus software, EnCase, and RSA Archer Security Operations Management.
Agile Defense is looking for a Splunk systems administrator. The Splunk systems administrator will manage a distributed Splunk environment, including indexing cluster, multiple search heads, license server, deployment server and the Linux servers hosting the Splunk software.
The Splunk systems administrator will be responsible for maintaining a reliable Splunk environment. The administrator will monitor system performance, application functionality and license usage. The administrator is responsible for communicating needed changes to the Splunk environment, such as license increases, hardware modifications, and new technologies to enhance availability to the customer.
- Manage the servers and Splunk environment, including Splunk Enterprise Security (Splunk ES) and index clustering
- Offer assistance in threat hunting and correlations in Splunk
- On board data from Windows, syslog, Linux, and API sources into Splunk
- Create queries, alerts, reports, dashboards, and applications in Splunk
- Work with the Incident Response team to create and tune correlation searches in Splunk ES
- Respond to all system issues and outages regardless of time of day
- Be responsible for uptime of the Splunk server hardware (Dell servers), OS (RHEL) and Splunk Enterprise system
- Build and rebuild Splunk servers from bare metal as needed
- Perform regular upgrades to system firmware, Linux OS, Splunk Enterprise, Splunk installed applications, and Splunk Enterprise Security
- Tune configuration files for Splunk Enterprise and Splunk ES
- Standardize Splunk data feeds in accordance with the Common Information Model (CIM)
- Maintain complete and concise documentation for maintaining the system, including details on all Splunk ingests and servers
- Follow all change management processes
- Present on a security topic of your choice twice a year to all system managers in the organization
Education and Certifications:
- Bachelor’s Degree
- Linux or Splunk certification preferred.
Background Needed and Years of Experience:
- Five years of experience in Linux system administration, with at least two years of specialization in Splunk administration.
Additional Skills & Qualifications
Must Have Technical Skills:
- Splunk Enterprise Security administration
- Splunk Enterprise administration
- Linux administration
- Understanding of Windows, Linux, and syslog log formats
Preferred Technical Skills:
- SQL querying
- Clear understanding of FISMA NIST 800-53A controls
- Ability to work independently and with other teams.
- Good writing, interpersonal and communication skills.
Possible off-hours work to support releases and outages. General office environment. Work is generally sedentary in nature, but may require standing and walking for up to 10% of the time. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.
Sedentary: 10 lbs. maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
- Stand or Sit
- Repetitive Motion
- Use Hands / Fingers to Handle or Feel
- Talk or Hear
Agile Defense is an Information Technology Solutions provider committed to partnering with our customers to deliver the highest level of service. We provide Information Technology (IT) services to the U.S. Government, including several United States civil agencies and various branches within the U.S. Department of Defense.
Agile Defense has established a solid reputation of partnering with our customers to deliver innovative IT solutions with our “Listen. Think. Innovate.” philosophy.
At Agile Defense, we know that our employees are our most important asset. We believe in our responsibility to our fellow employees, customers, company, and to our country. We promote teamwork, integrity, and creativity; we expect our fellow employees to also live these values.
Agile Defense, Inc. does not discriminate in practices or employment opportunities on the basis of an individual's race, color, national or ethnic origin, religion, age, sex, gender, sexual orientation, marital status, veteran status, disability, or any other proscribed category set forth in federal or state regulations.