Splunk Engineer

Full time
Location: Portsmouth
Job offered by: BAE Systems (New)
Category: IT & Technology

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

SPLUNK ENGINEER

This is a short-term contract with a potential to either extend or convert to a permanent position. We are looking for a talented and enthusiastic individual with excellent technical and client-facing skills, to act as a Splunk engineer who can design, deploy, support and configure Splunk in a range of hosting environments. They will also be responsible for working with clients to derive and implement the security use cases across a range of platforms and systems to be monitored. The role will range from designing and deploying new solutions and assessing existing deployments to make improvements, to onboarding new data sources.

This role is situated within our Government business, based in Canberra, with substantial time on client sites and will require a government security clearance at NV2 minimum, but candidates will be expected to undergo PV. The company supports individual career development and has a wide range of opportunities to develop into cloud implementation, solution architecture, and broader security consulting, depending on the aspirations and skills of the successful candidate.

Responsibilities

- Design and deploy Splunk Enterprise, Enterprise Security, Splunk SOAR and UBA components across a range of hosting environments.
- Integrate Splunk into identity management solutions.
- Integrate Splunk with CTI tools and case management solutions.
- Design, implement and manage log collection and onboarding activities to SIEM.
- Oversee deployment/implementation activities ensuring that entry criteria are met, all planned activities are completed and that rollback plans are initiated where required.
- Identify use cases, plan development, deployment, testing and release into production.
- Produce, update and maintain corresponding playbooks for detection and automation content.
- Develop, test and deploy updated and new content across the monitored estate in liaison with the client.
- Maintain existing detection content to ensure it remains current and relevant to the monitored estate, and that false positives are kept to a minimum.
- Assess the effectiveness of new/updated rules and analytics to feed into future development activities.
- Review and approve all required documentation as part of a release or change including design, deployment, configuration, and administration guides.
- Integrate solutions with vulnerability and asset and configuration management and other tools to enrich the efficacy of the solution.

The strategic focus of the role is to ensure that the detection and monitoring technology remains optimized, current, and tailored to the changing threat landscape, client risk position, and technology in use. The role is a cyber technical specialist with deep knowledge of the Cyber Monitoring technologies and cyber threat tools, tactics, techniques, and procedures.

Requirements

Technical

- Strong knowledge of how Azure and AWS security functions work as security controls as well as detection tools to protect large cloud estates.
- Produce content and playbooks on Sentinel and Splunk to detect security breaches and recognize the importance of threat-led Use Cases.
- Knowledge of SIEM/SOAR tools (Splunk and Sentinel at a minimum) and other appropriate tooling e.g. SOAR, Threat Intelligence, traffic analysis tools etc. to identify signs of intrusion, and advise where new/improved tooling could enhance the SOC operation.
- Experience deploying and configuring Splunk in a performant manner on cloud to support high data rates.
- Proven delivery and experience leading and conducting onboarding activities onto a SIEM.
- Deep knowledge and experience of operational ICT service delivery management.

Non-technical

- Client-side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing).
- Coaching mindset – help and mentor team.
- Security process development.
- Able to understand and adapt to different cultures and hierarchical structures.
- Self-starter and capable of independent working.
- Team player and adept at working in multi-disciplinary and diverse teams.
- Communication skills.
- Ability to write concisely and clearly in simple language.
- Ability to speak clearly and accurately in English.

Life at BAE Systems Digital Intelligence

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organizational culture where employees with varying perspectives, skills, life experiences, and backgrounds – the best and brightest minds – can work together to achieve excellence and realize individual and organizational potential.
