Raytheon Technologies Splunk Engineer - Enterprise SIEM in United States
Raytheon Technologies Cyber Operations Engineering has an opening for a Principal Cyber Defense Technologist and is seeking an experienced Splunk engineer with a cyber-security background to support enterprise SIEM.
As a member of Cyber Operations Engineering, you will be part of a team of security engineers with extensive technical experience in enterprise data networks, systems engineering and architecture, security monitoring, capacity planning, and troubleshooting. The team’s primary mission is to support our cyber SOC and incident response teams by delivering critical services. The services include IDS/IPS, SIEM, case management, packet capture, and others.
You will be part of the team responsible for the management of Raytheon’s enterprise SIEM. In addition to handling the day-to-day administration of the system, you’ll work closely with our SOC and incident response teams to identify ways to improve security event analysis, work with system owners to onboard new data sources, develop new detection signatures, and use your expertise in scripting to integrate new capabilities. Your main responsibilities will include:
Proactively monitor the service for performance and other issues, and address them in a timely manner while adhering to a strict change management process.
Perform advanced network analysis, problem identification and solution design.
Interface with end users to assist with collecting logs into SIEM.
Interface with members of Cyber Threat Operations to improve threat detection capabilities.
Perform system administration and maintenance on local or remote devices.
Write extractions and parsers for new log sources, and normalize for data modeling.
Lead projects to patch, upgrade, and extend the platform.
Develop custom commands and integrations in Python.
Develop and tune SIEM detection rules.
Participate in a 24/7 on-call rotation.
A minimum of 8 years of experience working in Systems Engineering (Linux) or IT (Splunk), and a bachelor’s degree or an equivalent combination of work experience and schooling/certifications in lieu of a degree.
Minimum 3 years of professional experience administering Splunk clustered environments.
Minimum 3 years of professional experience building, administering, and securing Linux-based systems.
Ability to independently lead complex projects with minimal direction from leadership.
Fluency in tstats, data modeling, search optimization, and advanced dashboarding.
Proficiency with software development / scripting in Python.
Understanding of TCP/IP and basic principles of networking (routing and switching).
Understanding of cyber security concepts.
Aptitude for troubleshooting, creative thinking, and problem solving.
Available to participate in a 24/7 on-call rotation.
This position requires the eligibility to obtain a U.S. security clearance. Except in rare circumstances, only U.S. citizens are eligible for a security clearance.
This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
Experience with Splunk Enterprise Security.
Working knowledge of relational databases.
Experience with configuration automation/orchestration tools (Ansible, Chef, Puppet).
Experience using version control systems in a team environment (Git, SVN).
Understanding of SDLC methodologies, especially Agile.
Experience with syslog, rsyslog, or syslog-ng.
Experience with public cloud platforms (AWS, Azure, GCP).
Experience writing and maintaining detection rules for SIEM.
Experience working on a Computer Incident Response Team (CIRT).
Previous experience working in a Security Operations Center (SOC).
Experience with security log analysis.
Information Security and IT certifications: Splunk, GIAC, CISSP, Cisco, Red Hat, AWS, etc.
Bachelor’s degree in Information Technology, Computer Science, Computer Engineering, Cyber, Mathematics, or a related discipline, or an equivalent combination of work experience and schooling/certifications in lieu of a degree.
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.