Principal CyberSecurity Engineer (Splunk)- Remote

Company: CareFirst BlueCross BlueShield
Location: Owings Mills
Posted on: March 19, 2023

Job Description:

Resp & Qualifications
PURPOSE:
Develops and implements security solutions. Administers security technology systems by architecting and engineering/developing trusted systems into secure systems.
Assists in the development of implementation and deployment plans that are aligned to the organizational strategic plan objectives and security requirements. Advises management in developing cybersecurity policies, processes, and procedures.
ESSENTIAL FUNCTIONS:

• 
  
• 
  Provides day-to-day leadership to engineers overseeing the support of security solutions.
  
  
• 
  Works with architects and project managers to provide security requirements.
  
  
• 
  Mentors, educates, and coaches engineers and leaders across the organization on cybersecurity solutions.
  
  
• 
  Answers complex questions about the installation, operation, configuration, and customization of cybersecurity solutions.
  
  
• 
  Identifies and resolves potential conflicts with the implementation of any cybersecurity tools.
  
  
• 
  Reviews and analyzes appropriate solution system logs for performance and functional anomalies.
  
  
• 
  Develops information systems security action plans, evaluates information security products, and performs other activities necessary to secure the organization's network.
  
  
  SUPERVISORY RESPONSIBILITY:
  This position has no direct reports, however, may informally lead teams in a matrix environment.
  QUALIFICATIONS:
  Education Level: Bachelor's Degree in Computer Science, Information Technology, or related field OR in lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.
  Licenses/Certifications:
  Splunk Certified Developer
  Splunk Enterprise Security Certified Admin
  CISSP Certified Information Systems Security Professional Upon Hire Required OR Certified Ethical Hacker (CEH) Upon Hire Required OR CompTIA Security+ Certification Required OR CompTIA Network+ Certification required
  Experience: 10 years relevant IT security experience
  Preferred Qualifications:
  
  • 
    
  • Advanced degree
    
    Knowledge, Skills and Abilities (KSAs)
    
    • 
      
    • 
      Responsible for creating Splunk ES (Enterprise Security) Security Information and Event Management (SIEM) content to monitor and detect potential threats to the enterprise.
      
      
    • 
      Responsible for SIEM content management, content creation, rule tuning, reporting and alert creation.
      
      
    • 
      Integration of signals and telemtry from various security tools including COTS and Cloud-native (AWS, GCP, Azure).
      
      
    • 
      Work with Splunk engineers to onboard and normalize new data sources ensuring CIM compliance.
      
      
    • 
      Significant experience with threat detection and threat hunting workflows.
      
      
    • 
      Significant experience with Incident Response procedures.
      
      
    • 
      Significant experience in security data analytics.
      
      
    • 
      Significant experience with data models - existing Splunk data models as well as, creation and tuning of data models from the ground up.
      
      
    • 
      Experience with Splunk Machine Learning Toolkit (MLTK).
      
      
    • 
      Will work closely with the CyberSecurity Monitoring and Automation teams to develop requirements and implement detections.
      
      
    • 
      Develop complex dashboards and visualizations.
      
      
    • 
      Develop alerting and notification.
      
      
    • 
      Experience with a variety of scripting languages such as CSS, HTML, JavaScript, Python, PowerShell and shell scripting to automate tasks and manipulate data.
      
      
    • 
      Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.
      
      
      Department
      Department: InfoSec - CyberSecurity Engineer
      Equal Employment Opportunity
      CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
      Hire Range Disclaimer
      Actual salary will be based on relevant job experience and work history.
      Where To Apply
      Please visit our website to apply: www.carefirst.com/careers
      Federal Disc/Physical Demand
      Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
      PHYSICAL DEMANDS:
      The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.
      Sponsorship in US
      Must be eligible to work in the U.S. without Sponsorship
      #LI-LD1
      REQNUMBER: 17573

Keywords: CareFirst BlueCross BlueShield, Baltimore , Principal CyberSecurity Engineer (Splunk)- Remote, Engineering , Owings Mills, Maryland