TECHEAD is celebrating thirty-five years of incredible heritage, talent, and accomplishments!
To learn more about TECHEAD, visit us at TECHEAD.com or on Glassdoor.com.
Cybersecurity Engineer | 20812
Contract - 1 year
Remote - Meetings/testing on-site Richmond, VA
No C2C Candidates
Responsibilities and Requirements:
Pentest
- Testing: Performing remote or onsite tests on all VDH systems, networks, and applications to identify security weaknesses
- Analyzing: Analyze the vulnerabilities and mitigation methods
- Reporting: Provide reports which include findings, risks, and conclusions
- Advising: Recommend security improvements and methods to mitigate security risks
- Collaborating: Working with VDH IT to determine their testing requirements
- Creating: Creating and implementing new penetration testing methods, scripts, and tools
Splunk
Management of Data Collection Infrastructure
- Deployment Server management to distribute Splunk Universal Forwarder (UF) instances
- Syslog servers that collect data from infrastructure systems (firewalls, IDS, UPS or other syslog generating device)
- Splunk heavy forwarders which can collect information from various databases or third-party systems
- Splunk HTTP event collector to obtain data from custom applications (Java, .net, JavaScript, or other web apps), and
- When used, Splunk Stream to capture wire data and output raw or statistical information about the data.
- Re-architecture of Syslog aggregation for Splunk or extensive modification to Syslog configuration (configuring new storage, building for high availability, etc.)
- Expanding log source collection of an existing source type
- Custom script development (e.g., for data collection or integration to non-standard products)
Deployment Maturity
- Splunk Enterprise and application upgrades (to approved versions)
- Creating and modifying roles and user group associations
- Modifying indexes and retention policy
- On-boarding new data sources
- Installation and configuration of Splunk certified applications and Technology Add-ons (TAs)
- Installing non-certified Splunk apps and add-ons (evaluated on case-by-case basis)
- Re-architecture of authentication into Splunk (LDAP connection, SSO, etc.)
License Management
- Evaluate largest consumers of data ingest within your organization
- Perform log value audits (in conjunction with your teams, evaluate logs and filter what is and is not necessary for security, compliance, and other stated use cases)
  - Reduces license usage on data sources by reviewing data and events that have high analytics value versus low value, or by reducing duplicate logging
  - Allows capacity to be repurposed for other necessary analytics use cases
Health & Performance (including Splunk Cloud deployment)
- Deployment health checks & architecture reviews
- System Performance Tuning
- Troubleshooting issues within Splunk environment, including silent log source monitoring
- Providing answers to questions about Splunk
- Periodic review of errors/warnings reported by internal Splunk logs
- Log normalization (CIM); monitoring to ensure nothing has changed (e.g., CIM-compliant logs have not changed in structure)
TECHEAD provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.