Job Description
As an Advanced Cyber Sec Archt/Engr here at Honeywell, you will be responsible for leading the design and implementation of cutting-edge cybersecurity solutions.
You will be hands-on in fortifying defenses against emerging threats and acting as the subject matter expert for technical challenges. You will be responsible for collaborating with cross-functional teams, staying informed about emerging technologies, and fostering a culture of continuous improvement.
Responsibilities
KEY RESPONSIBILITIES:
- Splunk Administration and Knowledge Object Management:
- Provide administrator-level support to a Splunk Enterprise Security deployment including field extractions/CIM compliance, data model configuration, Assets & Identities maintenance, and health monitoring of the deployment. Experience managing the underlying infrastructure of a Splunk deployment highly desired.
- Leverage Search Processing Language (SPL), develop Splunk apps, analyze complex data, interpret insights, create visualizations, and integrate Splunk with other security tools.
- AUTOMATION:
- Leverage scripting languages (Python, PowerShell) to automate tasks and manipulate data. Connect and integrate various security tools via code and APIs to improve workflows, reduce manual effort, and ensure repeatability. Some tooling examples include Microsoft Defender, Splunk, Recorded Future, and Qualys.
- Experience developing SOAR playbooks is a plus.
- DETECTION ENGINEERING:
- Review Threat Intelligence documents and be able to synthesize Threat Actor behaviors, align them to MITRE ATT&CK, and craft working queries to identify these behaviors in a large corporate environment. Understand the lifecycle of a detection rule, how to tune benign activity, and test your detection logic. Experience writing KQL detections in Defender
Qualifications
YOU MUST HAVE:
- A minimum of 3 years of experience with Splunk ES, Splunk core, or similar security tools focused on system administration, alerting, data exploration, analysis, and visualization.
- Strong communication skills and demonstrated ability to lead projects across a variety of Teams in a large corporate environment.
- Understanding of cloud and hybrid cloud environments, and security frameworks such as MITRE ATT&CK, OWASP, and NIST.
- Understanding of the evolving threat landscape and current attack tools to gain unauthorized access to enterprise environments.
- A plus for CompTIA and Security+ Certification.
- A desire to solve complex problems by digging into logs and technical details
We Value
- Potential to unlock USG Security Clearance.
- Knowledge of defense, intelligence, and cyber security incident response process and procedures.
- CISSP Certification or equivalent DoD 8570 Certification.
- Splunk certifications.