Cyber Security Architect/Engineer IV

BCforward is currently seeking a highly motivated Cyber Security Architect/ Engineer in Remote.

Position Title: Cyber Security Architect/ Engineer

Location: Remote

Anticipated Start Date: 2nd-December-2024
Please note this is the target date and is subject to change. BCforward will send official notice ahead of a confirmed start date.

Expected Duration: 7+ months contract to permanent

Job Type: [FULL TIME (>%3D40 HRS WEEKLY), [CONTRACT], [Remote]

Pay Range: $87.62/hr - $92.93/hr

NOTE: Candidate must be authorized to work in US without any sponsorship.

Please note that actual compensation may vary within this range due to factors such as location, experience, and job responsibilities, and does not encompass additional non-standard compensation (e.g., benefits, paid time off, per diem, etc.).

Job Description:

Experience implementing dynamic detections, integrating alerting platforms with, but no limited to, Tanium, SEP, Microsoft Defender for endpoint, Sysmon, Microsoft O365 Security alerting, Analyst1, VDI, VMware, Linux Audit logging in conjunction with the advanced Risk-Based Alerting (RBA) security framework. In addition, the applicant would be responsible for tuning and configuration of Splunk Core and Splunk Enterprise Security (ES) services, develop use cases with CISO end users to build content and assist in developing advanced security use cases. Participate in requirements gathering, solutions architecting, design and build of technology solutions to support Continuous Monitoring Program. Assist, train, and host workshops for CISO teams. Support off-hours and weekend efforts for incident investigations and systems maintenance.

Required skills:

Develop and Implement Actionable Alerts and Workflow for Splunk as a SIEM (Security Information & Event Management) tool

Develop and Implement Apps & Knowledge Objects (KO) like Dashboard, Reports, Data Models

Work with the Splunk Architect/Admin to promote private KO to Global KO

Assist, and/or train CISO Splunk Engineering team on Data Lifecycle Support

Assist, train, and/or host workshops CISO teams and analysts on Searching and Content Development

Develop and implement automation to improve efficiency of CISO workflows using Splunk

Assist in development of advanced security use cases in Splunk

Develop risk rules and risk incident rules to correlate and alert to significant cyber events.

Develop custom dashboards specific to RBA (Risk Based Alerting) to highlight risk detail, health analysis and risk suppression.

Configure incident response and remediation workflows for ES around notable events (RBA or otherwise alerted)

Develop custom machine learning (ML) models to support anomaly-detection based augmentation of alerting

Work with numerous stakeholders to implement & maintain event logging from various operating systems, applications, identity providers, network infrastructure, and cloud service providers.

Understanding of network protocols, operating systems, applications, and device event telemetry

Have strong communication and collaboration skills, both oral and written, with excellent interpersonal and organization skills.

Understanding of network defense tools (firewall, IPS/IDS, WAF/CDN, etc), endpoint defense tools (EDR, anti-malware) a plus

Experience with SAAS- or cloud-hosted Splunk implementation a plus.

EXPERIENCE LEVEL:

10+ years of related experience in cybersecurity and NIST standards along with 5+ years of technical writing .

EDUCATION:

Bachelor's degree in business, Engineering, Management Sciences, Computer Science, Information Systems, Social Science, Education, Human Resources Development, and Psychology or other related disciplines and twelve to fifteen years of experience or Master's degree and ten to twelve years of related experience or PhD and eight to nine years of related experience.

CERTIFICATIONS: (One or more required)

-CompTIA Security +

-CPTE - Certified Penetration Testing Engineer or CEH - Certified Ethical Hacker

-CISA - Certified Information Systems Auditor

CISSP

CISSP-ISSEP

CISSP-ISSAP

CISSP-ISSMP preferred

Benefits:
BCforward offers all eligible employees a comprehensive benefits package including, but not limited to major medical, HSA, dental, vision, employer-provided group life, voluntary life insurance, short-term disability, long-term disability, and 401k.

About BCforward:
Founded in 1998 on the idea that industry leaders needed a professional service, and workforce management expert, to fuel the development and execution of core business and technology strategies, BCforward is a Black-owned firm providing unique solutions supporting value capture and digital product delivery needs for organizations around the world. Headquartered in Indianapolis, IN with an Offshore Development Center in Hyderabad, India, BCforward's 6,000 consultants support more than 225 clients globally.
BCforward champions the power of human potential to help companies transform, accelerate, and scale. Guided by our core values of People-Centric, Optimism, Excellence, Diversity, and Accountability, our professionals have helped our clients achieve their strategic goals for more than 25 years. Our strong culture and clear values have enabled BCforward to become a market leader and best in class place to work.
BCforward is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability.
To learn more about how BCforward collects and uses personal information as part of the recruiting process, view our Privacy Notice and CCPA Addendum. As part of the recruitment process, we may ask for you to disclose and provide us with various categories of personal information, including identifiers, professional information, commercial information, education information, and other related information. BCforward will only use this information to complete the recruitment process.
This posting is not an offer of employment. All applicants applying for positions in the United States must be legally authorized to work in the United States. The submission of intentionally false or fraudulent information in response to this posting may render the applicant ineligible for the position. Any subsequent offer of employment will be considered employment at-will regardless of the anticipated assignment duration.

Interested candidates please send resume in Word format Please reference job code 231845 when responding to this ad.