Digital Forensics and Incident Response (DFIR) responds to security and privacy incidents across Client business segments and supports objective, professional analysis of and response to security policy violations.
This position is responsible for creating and managing the custom detection and disruption content used by the Security Operations Center, as well as other countermeasures that identify and eliminate information systems threats. Client defines "content" as any specific custom alert, report, dashboard, or other custom rule. The ideal candidate will have excellent analytical skills, strong technical skills in the identified technology areas, and a fundamental understanding of security applications and cyber security or statistical analysis concepts.
• Develop custom content to support, and enhance, Security Operation Center monitoring, detection and investigative capabilities.
• Leverage agile concepts and Kanban methodology to develop content.
• Lead small projects to delivery by established deadlines.
• Utilize the DFIR Content Governance site to ensure all custom content is inventoried and compliant with DFIR processes and best practices.
• Manage the lifecycle of all content, including periodic review of all content and regression testing.
• Work with primary and secondary stakeholders to create content, dashboards, or reports that meet their requirements.
• Engage with owners of new technologies to facilitate data onboarding.
• Perform data parsing and normalization functions against disparate data sets.
• Present graphic models for presentation to decision makers.
• Deliver work product demonstrations for review and acceptance.
• Ability to create advanced Splunk custom queries, reports, dashboards, visualizations, and alerts (min 3+ yrs direct experience).
• Ability to incorporate transforms, drilldowns and workflow actions into search content.
• Experience working with large data sets (min 3+ yrs direct experience).
• Understanding of statistical learning models for data analysis (min 1+ yrs experience).
• Ability to develop and apply data models to network, application, and system event data to identify anomalies and trends and to produce forecasts in support of device health, performance and utilization, and security monitoring and alerting services (min 1+ yrs experience).
• Ability to research and recommend Splunk technical add-ons, applications, and workflow enhancements in line with organization strategies (min 3+ yrs experience).
• Understanding of the Windows logging taxonomy and event IDs (min 1+ yrs experience).
• Experience with one or more scripting languages such as Perl, Python and PowerShell.
• Must be process- and detail-oriented and possess good documentation, written, and verbal communication skills.
• Familiarity with agile concepts.
• Familiarity with cyber security issues and incident response techniques.
• Excellent problem-solving skills with the ability to diagnose and troubleshoot technical issues.
• Familiarity with network security, basic routing principles and networking fundamentals, and well-known protocols and services (e.g. FTP, SSH, SMB, LDAP).
• Ability to fully utilize MS Office products.
• Associate’s Degree or equivalent from two-year College or technical school in Information Technology, Information Security/Assurance, Engineering or related field of study; at least 2 years of related experience and/or training; or equivalent combination of education and experience required.
• Solid understanding of Information Security and Networking required.
• Outstanding time management and organizational skills required.
• Ability to work both independently and as part of a team with little supervision.
• Customer-oriented focus required, with a strong interest in a satisfied client.
• Minimum 5 years of general IT experience with a variety of operating systems including Windows, Linux or UNIX in a functional capacity.
• Minimum 3 years working as a Security Operations Center engineer leveraging Splunk to create custom content, including but not limited to alerts, reports, dashboards, and application research.
• Minimum 1 year working as a Security Incident Response professional preferred.
• Minimum 1+ years of data analysis experience using statistical analysis techniques (considered in lieu of security and networking experience).
• Minimum 1+ years of experience working directly with data science related languages or tools, with direct experience using Python and Splunk (considered in lieu of security and networking experience).
• Prior experience as an intermediate Windows system administrator or network security administrator (1+ yrs direct experience) preferred.
DIVERSANT (diversant.com) is one of the largest African-American owned IT staffing firms in the U.S. We offer rewarding career opportunities with many of the nation’s leading corporations. Our experienced recruiters understand what hiring managers look for in a candidate and provide our applicants with the proper support and guidance along the entire application and interviewing process. We offer opportunities on a contingent, contract-to-hire, and direct hire basis. At DIVERSANT, we are committed to providing the highest level of service and satisfaction to our customers, consultants, and employees.
DIVERSANT provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, DIVERSANT complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.
WORK OPPORTUNITY TAX CREDIT
Diversant LLC participates in the Work Opportunity Tax Credit program. ADP Tax Credits administers this program on our behalf. It is vital that you follow the steps listed below in order for the tax credits to be processed. We appreciate your cooperation. Please note participation in this program is voluntary and is a required part of the employment application process. Formal application steps should still be followed.
Work Opportunity Tax Credit Applicant Instructions
• Open https://tcs.adp.com/screen/index.html?cc=diversant
Note: To change the language on screen, please select a language from the dropdown box.
• Click on Continue to begin.
• Please answer each question, including electronically signing any applicable forms.
• To complete the interview and save your work, please click eSign and Finish.
• If applicable, upload any available supporting documents and click Continue.