We are looking for a Splunk Administrator to join our Corporate IT Team!
Why MetTel
MetTel is a cutting-edge telecom service provider delivering software and telecom services to enterprise companies nationwide. Our teams help create next-generation systems to meet the challenge of today's rapidly changing business climate and set new standards for the telecom industry. From traditional voice to advanced services, MetTel's extensive partnerships enable us to deliver a complete portfolio of services in the United States, Canada and Puerto Rico as well as global MPLS and VoIP solutions. We believe that each team member is a key to the success and sustainability of the group. In order to achieve this, we offer an environment where all professionals can grow and develop their skills and competencies, collaborate with diverse professionals, share knowledge and enjoy a rewarding career.
Requirements:
- 4+ years of hands-on experience as a Splunk Administrator
- Splunk certification preferred in one of the following: Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect, or Splunk Enterprise Security Certified Admin
Key Responsibilities:
- Monitor and analyze security events and alerts from multiple sources, including security information and event management (SIEM) software, network- and host-based intrusion detection systems, firewall logs, user-reported incidents, system logs (Windows and Linux), and databases.
- Use SIEM tools, a SOAR platform, and other related security management/console applications, such as network traffic and data analytics tools.
- Responsible for data collection, review and analysis of internal and external threats and attacks, including but not limited to alert response, Root Cause Analysis, and some forensic-level tasks.
- Analyze both raw and processed security alerts, event data and logs to identify potential security incidents, threats, mitigations, and vulnerabilities.
- Direct experience with SIEM, EDR, Anti-Virus, Firewalls, network protocols, Windows security events, phishing mitigation, and Wireshark.
- Perform triage of incoming issues (assess the priority, determine risk)
- Initiate incident notification, case tracking/management, recovery actions, and report status updates.
- Participate in the remediation of incidents and responses that are generated from live threats against the enterprise.
- Support follow-on actions, such as coordinating with other organization teams to facilitate remediation of the alert/event/incident, and close out the investigation.
- Regularly communicate with engineering teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual.
- Maintain a strong awareness of the current threat landscape.
- Provide Incident Response (IR) support when analysis confirms actionable incident.
- Provide threat and vulnerability analysis as well as security advisory services.
- Perform and manage vulnerability scanning using Tenable products such as Nessus. Produce scan reports for analysis.
- Knowledge of network protocols, network analysis tools, and ability to perform analysis of associated network logs.
- Serve as the technical escalation point and mentor for lower-level analysts.
- Perform incident response analysis uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods.
- Support and develop reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations.
- Assist in real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
- Occasional travel to company HQ
Desired Skills and Experience:
- Splunk Certification in one of the following is preferred: Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect or Splunk Enterprise Security Certified Admin
- Experience using ticketing systems such as ServiceNow
- Alert development based on log analysis
- Knowledge of: Strong Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions
- Bachelor's degree in Computer Science (Computer Security/Information Security degree preferred); in lieu of a degree, additional experience will be considered
- Knowledge of and experience with intrusion detection/prevention systems and SIEM software
- Experience analyzing network and host-based security events
- Knowledge of various security methodologies and processes, and technical security solutions
- Knowledge of incident response life cycle and steps
- Knowledge of TCP/IP protocols, network analysis, and network/security applications
- Knowledge of common Internet protocols and applications
- Experience working within 1 or more SOAR platforms preferred
- Excellent written and oral communication skills
- Self-motivated and able to work in an independent manner.
- Summary of desired knowledge: Strong Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions; Splunk certification(s) in administration, SOAR or Enterprise Security; penetration testing experience a plus
*The salary range reflected is a good faith estimate of base pay for the primary location of the position. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay range for this position is $100,000 annually. Pay within this range varies by work location and may also depend on job-related knowledge, skills, experience and abilities of the successful candidate. Your recruiter can share more about the specific salary range for the job location during the hiring process.