Splunk User and Entity Behavior Analytics (UBA) Engineer

Edgewater is seeking a Splunk User and Entity Behavior (UBA) Engineer to support the Security Program Support Services team of the National Institute of Health (NIH). As a Splunk User and Entity Behavior (UBA) Engineer, you’ll join a Cyber Security Ops organization that supports a leading federal healthcare client.

• Maintain and operate Splunk application monitoring tool as part of the client Cybersecurity network and application audit and monitoring program within the Threat Monitoring and Incident Response (TMIR) team.
• Apply strategic, operational, and tactical cyber intelligence to improve security operations.
• Lead and/or support efforts to prepare for, monitor, detect, analyze/confirm, contain, remediate, and recover from security incidents
• Develop & Implement Actionable Alerts and Workflow for Splunk as a CISO Monitoring tool
• Develop and Implement Apps & Knowledge Objects (KO) like Dashboards, Reports, Data Models
• Provide Analyst training and workshops on using Splunk
• Develop and implement automation and efficiencies with Splunk
• Communicate with customer stakeholders to include leadership, support teams, and system administrators.
• Conduct deep analysis and hunting operations.
• Configure incident response and remediation workflows for ES
• Perform TMIR technical writing and creation of formal documentation such as reports, training material, and architecture diagrams.
• Develop and build excellent relationships with prospects, clients, and internal team members.
• Co-lead client calls and communications including the development of presentations, status reports, and requirements documents.
• Ability to take direction and achieve quality results, independently strive for personal excellence when completing tasks.

• BS/BA degree in information technology and 12 or more years of work experience in information technology
• In lieu of a degree, relevant experience is applicable. 
• U.S. Citizenship is required per contract to obtain and maintain a U.S. security clearance.
• Experience in a rapid paced, time sensitive, high-quality environment.
• At least 5 years of strong problem-solving capabilities and the ability to effectively communicate solutions.
• One or more certifications in information security (such as GCIA, GCIH, CEH, CISSP, SSCP, Sec+, etc)
• Sound cyber security knowledge foundation, to include understanding of:
• Strong understanding of Adversary TTPs, Network & Host Security
• At least 5 years of Splunk and SIEM experience
• At least 3 years of Trend spotting, identifying intelligence knowledge gaps, and performing analysis on threat data.
• High technical ability/aptitude, demonstrated through prior technical experience and accomplishment
• At least 3 years of Endpoint/host forensics experience
• Excellent verbal, written, and interpersonal skills (command of English language)
• Strong written and verbal skills to effectively communicate at all levels in government and industry.
• Exceptionally self-motivated, directed, and detail oriented.
• Must be able to learn, understand and apply new technologies.
• Excellent organizational, analytical and problem-solving abilities.
• Working knowledge of Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, and SharePoint).
• At least 3 years of Experience in a rapid paced, time sensitive, high-quality environment.
• History of ethical performance.
• Exhibit considerable client delivery, business development, and proposal development experience.
• Strong management, teamwork, and interpersonal skills against difficult due dates and timelines. Strong customer service focus to meet the needs of internal and external customers.
• Professional, pleasant, and polished demeanor.
• Ability to work collaboratively with others.
• Ability to maintain confidentiality of sensitive information within and external to EdgeWater, using own judgment.
• Strong eye for small details that make a difference.

Desired:

• Ten or more years of cyber security work experience in Threat Hunting, Splunk Content Development, and Incident Response.
• Active Public Trust clearance
• Experience and effective participation in hunt, computer network defense, real-time analysis and incident response activities, to include ability to reconstruct events from network, endpoint, and log data
• Experience and understanding of host-based/endpoint protection systems

About Us: 

Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2024.

It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other statuses protected by applicable law. #LI-KC1