Splunk Engineer (San Antonio)

Senior Information System Security Engineer

Amentum is seeking a Senior Information System Security Engineer to join our team of passionate individuals in San Antonio, TX. In this role you will support challenging, mission-critical projects that make a direct impact on the Nation's security and intelligence mission.

Your Impact : The mission of the Lone Wolf program is to support, operate, and maintain the Distributed Continuity Integrated Network Top Secret Enterprise Services (DCIN-TS ES) which is a DoD-provided, TS / SCI, integrated voice, video, and data, global communications network that facilitates collaboration among senior leaders and key staff. The Lone Wolf Team is Mission Focused, Customer Oriented, Process Guided, and Solutions Driven. Candidates interested in joining the team must be critical thinkers, have a strong work ethic, and be able to work independently or as a member of a team in a dynamic environment that supports a critical and rewarding mission. We value candidates who are detail-oriented while also being able to think and react quickly to emerging and unique problem sets.

To be successful, you must be able to rapidly adapt and learn how to operate the front and back end of new products and processes. The Team is expected to grow and is looking for people who can apply disciplined processes and provide imaginative solutions that enable the adoption of innovation and emerging technologies that create opportunities for transformative change.

Responsibilities

The duties and responsibilities of the Senior Information System Security Engineer (ISSE) include, but are not limited to, the following :

• Primarily responsible for maintaining the test and operational environments to include all cybersecurity tool sets and collaborating with systems and network engineers.
• Create and maintain custom dashboards, develop complex queries, generate reports, and configure alerts and notifications using cybersecurity tools such as Splunk, Tenable, and Trellix to support monitoring, analysis, and incident response activities.
• Identify and onboard new data sources into cybersecurity tools, and perform analysis to detect anomalies, patterns, and trends that support threat detection and situational awareness.
• Use knowledge, skills, and ability to conduct research for designing, integrating, and implementing security controls into current and future products / systems thus ensuring these systems can be accredited based on compliance with the Joint Special Access Program Implementation Guide (JSIG).
• Recommend the components to implement system security requirements using intimate knowledge of security design best practices for information systems throughout the system development life cycle to support the generation of the security engineering products.
• Assist with the design, deployment, and administration of a multi-site, distributed Splunk environment. Including Multi-site Clustering, Search Head Clustering, Universal Forwarders, Deployer, and Deployment Server.
• Configure, operate, and maintain Trellix and its components (ePolicy Orchestrator, Trellix Agent, Data Loss Prevention, Host Intrusion Prevention System, Policy Auditor, Asset Baseline Monitor, and Virus Scan Enterprise) on Windows and Linux creating exceptions to allow essential processes to continue uninterrupted.
• Administration / operation of information security compliance tools / platforms with a special concentration in managing Tenable Security Center and NESSUS.
• Provide Tier 1, 2, and 3 maintenance support for deployed cyber security technologies.
• Assist with periodic and regular security assessments.
• Assist with the development and maintenance of information security policies, standards, and control procedures to enable compliance with RMF.
• Assist with POA&M management, mitigation statement formulation, and interfacing with system administrators to resolve open findings of high and at-risk systems.
• Perform security assessments on hardware / software products to include physical, virtual, boundary, and security appliances.
• Implement continuous monitoring tools and processes, development of improvements to security assessments regarding accuracy and efficiency as well as integration of new techniques to improve the confidentiality integrity availability of network / operational systems at multiple classifications levels.

Qualifications - External Requirements

Experience in Splunk role while working in a Splunk Clustered Environment Knowledge and experience with NESSUS / ACAS and Trellix administration Must be able to work a 40-hour work week, normally Monday through Friday. Ability to work overtime during critical peaks and be available to meet last-minute requests for overtime if needed. Ability to travel (5-10%) primarily within 75 miles. Familiarity with MS Office applications such as Excel, Word, Outlook, SharePoint, Project, and Visio. Exceptional attention to detail; excellent verbal and written communication skills; strong critical thinking, organizational, time-management, and problem-solving skills. Ability to work both independently and as part of a team in a dynamic environment. Clearance Required : Must have active Top-Secret clearance with SCI or TS with the ability to acquire SCI Minimum Education : Master's Degree in a related field (Cyber and / or Engineering) Minimum Years of Experience : 10 years of relevant experience Required Certifications : Ability to meet or exceed DODD 8140 / 8570 IAM Level 3 Requirements, to include CE certification Preferred : At least one of the following certifications is preferred : Splunk Core Certified Advanced Power User Splunk Enterprise Certified Administrator Splunk Enterprise Certified Architect Splunk Core Certified Consultant