Security Auditor
Laurel, MD 
Posted 15 days ago
Job Description
Description

Are you an IT Security engineer using Splunk?

Do you thrive in a fast-paced and innovative environment?

If so, we may have a position for you!

We are seeking an IT Security Auditor for APL's Classified IT Services team. We provide technical expertise to meet compliance and security objectives in environments that require Audit & Logging Operations, Incident Identification, and Incident Response Coordination.

The Auditor will be a valued team member responsible for performing auditing of five classified security enclaves using Splunk, as well as operations and maintenance of the auditing environment. The environments consist of forwarders, indexers, search heads, centralized log servers, and varying data ingests.

As an Auditor, you will...

  • Perform audits to ensure that systems are being operated securely and information system security policies and procedures are implemented as defined in the security plans.
  • Use Splunk, and other tools, to monitor user and network activity for precursors and indicators of compromise.
  • Serve as a crucial part of the Incident Response (IR) process by reviewing audit escalations, triaging security events, communicating with users and compliance personnel (ISSO, FSO, etc.), and creating post-IR documentation.
  • Develop documentation supporting management procedures and implementation guides for Splunk-based solutions.
  • Assist with the Assessment and Authorization (A&A) of the Splunk environment. Perform risk assessments and Security Tests & Evaluations (ST&E) of Splunk components and equipment under the IAVM and vulnerability management program.
  • Review systems to identify potential security weaknesses, recommend improvements, and implement changes. Work with the Vulnerability Management team to remediate findings from Assured Compliance Assessment Solution (ACAS)/Nessus, and Host-Based Security Solution (HBSS) scans and other automated and manual assessment tools such as DoD Security Technical Implementation Guides (STIGs).
  • Work with existing and custom Splunk applications and add-ons to fulfill compliance requirements. Implement and administer Splunk in Windows and Linux environments.

Qualifications

You will meet the minimum requirements if you have...

  • A BS degree in Computer Science, Management Information Systems, Computer Information Systems, Information Assurance, or a comparable field or equivalent years of professional relevant Security Engineering experience working with DoD IT enclaves, systems, and solutions
  • 1+ years of experience with application and OS enterprise logging, running Splunk and SIEM systems, creating rule sets and threat detection logic in Splunk
  • Familiarity with the steps of the Incident Response Process
  • An active Secret security clearance with the ability to obtain a Top Secret clearance. If selected, you will be subject to a government security investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.
  • A current industry certification aligned to DoD Manual 8570.01-M for IAT II, or the ability to obtain it within 6 months of hire
  • The ability to work occasional after-hours to handle and/or complete critical project/work-related business needs.

You will go above and beyond our minimum requirements if you have...

  • Intermediate expertise with Red Hat Enterprise Linux (RHEL)
  • 1+ years of experience using Splunk and/or other auditing solutions for incident response and user behavior analytics
  • Experience with security tool data, including Network & Host Firewall, Tenable, Tanium, ForeScout
  • Experience using scripting languages such as CSS, HTML, JavaScript, Python, and shell scripting to automate tasks and manipulate data
  • Experience with Splunk Machine Learning Toolkit (MLTK)
  • Splunk Power User, Administrator, or Architect Certification
  • Good communication and presentation skills

Why work at APL?

The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation's most critical defense, security, space, and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, our culture makes us truly outstanding. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.

At APL, we celebrate our differences and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL's campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at www.jhuapl.edu/careers.


About Us

APL is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law.

APL is committed to promoting an innovative environment that embraces diversity, encourages creativity, and supports inclusion of new ideas. In doing so, we are committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact Accommodations@jhuapl.edu. Only by ensuring that everyone's voice is heard are we empowered to be bold, do great things, and make the world a better place.


The Johns Hopkins Applied Physics Lab (APL) is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual identity, gender identity, national origin, disability, or protected Veteran status.

 

Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
1+ years