We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results

Splunk Phantom Engineer

Booz Allen Hamilton
United States, Virginia, McLean
July 30, 2022
Job Number: R0139657

Splunk Phantom Engineer

Key Role:

Design, implement, integrate, and maintain systems and tools to automate complex cyber activities. Apply advanced consulting skills, extensive technical expertise, and full industry knowledge. Consult on and lead vulnerability identification, new threat exposures, and emerging security technologies. Work with in-house teams to identify the right mix of tools, techniques, and procedures to translate your customer's needs and future goals into a plan that will enable secure and effective solutions. Take a critical approach to solution design, identifying gaps, providing alternatives, and customizing solutions to maintain a balance of security and business needs. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.

Basic Qualifications:

  • 3+ years of experience with tool integrations, including REST APIs and SOAP APIs

  • 1+ years of experience with Splunk Phantom, including writing playbooks, troubleshooting, training, or supporting technical requests

  • Experience with FireEye, BigFix, Tanium, ForeScout, ZScaler, Palo Alto, McAfee, Carbon Black, CrowdStrike, Splunk, or ServiceNow

  • Experience in Security Operations, SOC, SIEM, Incident Response, and Threat Intelligence

  • Experience with Cyber Security technologies, protocols, and applications

  • Experience in Linux administration

  • Ability to provide knowledge transfer and training to clients and co-workers

  • Ability to obtain a security clearance

  • Bachelor's degree

Additional Qualifications:

  • 3+ years of experience with programming languages, including Python

  • 2+ years of experience with Splunk Phantom, including writing playbooks, troubleshooting, training, or supporting technical requests

  • Experience with Cybersecurity technologies, protocols, and applications, including EDR, SIEM, Firewalls,AV, and IDS/IPS

  • Experience in log management platforms, including Splunk, Elasticsearch, Logstash, Kibana, ELK, and Elastic Stack

  • Experience in Networks and Network Protocols, including TCP, UDP, DNS, HTTP, HTTPS, SSH, and FTP

  • Ability to produce new playbooks and automate manual security operations procedures per the backlog and as requirements from security operations teams, as new security tools and controls emerge in the marketplace

  • Ability to help manage an inventory of integrations that enable broader playbook creation

  • Ability to work on developing connectors with tools to effectively enable end to end automation of security operations procedures

  • Security+, CEH, and CISSP Certification

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Compensation:

The proposed salary range for this position in Colorado is 125,000 to 150,000. Final salary will be determined based on various factors.

At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

We're an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change - no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.

ID15-C
Applied = 0

(web-5d5d7bc6f5-jwrnr)