SOC Analyst / Splunk Administrator

Apex Systems

Washington (District of Columbia)

Hybrid

USD 70,000 - 110,000

Full time

2 days ago
Job summary

An innovative IT services company is looking for a SOC Analyst / Splunk Administrator to join their team. This hybrid role combines SOC analysis with Splunk engineering, focusing on security investigations and content creation. The ideal candidate will have a strong background in cyber threats and information security, along with hands-on experience in managing Splunk and developing dashboards. With a commitment to collaboration and continuous learning, this company offers a dynamic work environment where your contributions will significantly impact security operations. Join a team that values excellence and innovation in the ever-evolving field of cybersecurity.

Qualifications

  • 2-5 years of experience in network defense environments.
  • Strong analytical skills in incident handling and malware analysis.

Responsibilities

  • Administer Splunk and create custom content with SPL.
  • Conduct security investigations and manage data in a SIEM.

Skills

Splunk Administration
Security Investigations
Analytical Skills
Incident Response
Network Defense
Threat Analysis
Communication Skills

Education

Splunk Admin Certification
Relevant Security Certifications (Security+, CySA+, GCIA, GCIH)

Tools

Splunk Enterprise Security
FireEye
Palo Alto
MS O365

Job description

Apex Systems is seeking a SOC Analyst / Splunk Administrator to work partially remote; the candidate will be expected onsite in Washington, D.C. for 1 day per week.

Summary:

This position is a hybrid role designed to bridge SOC Analysis with Splunk Engineering and Content Creation. The candidate should have experience with administering Splunk, creating custom content with SPL, managing data in a SIEM, and conducting security investigations through Splunk ES.

The ideal candidate will have a solid understanding of cyber threats and information security, including TTPs, Threat Actors, Campaigns, and Observables, and be proficient in administering Splunk and creating dashboards and notables.

The candidate should also be familiar with tools commonly used in SOC environments, such as intrusion detection systems, SIEM platforms, endpoint threat detection tools, and security operations ticketing systems.

Requirements:

  • Must be a U.S. Citizen with the ability to obtain a Public Trust clearance.
  • Minimum 2-5 years of experience in network defense environments.
  • Splunk Admin Certification is required; 15+ years of experience can substitute for certification.
  • Strong analytical and technical skills in computer network defense, including incident handling, hunting, and malware analysis.
  • Experience analyzing security events to discern true positives, including event triage, investigation, and incident response.
  • Hands-on experience managing and optimizing Splunk Enterprise Security.
  • Experience managing data sources, onboarding new sources, and troubleshooting data issues.
  • Proficiency in creating dashboards, reports, and notable events.
  • Ability to develop rules, filters, signatures, and scripts to support detection efforts.
  • Strong logical and critical thinking skills for analyzing security events from various sources.
  • Excellent organizational skills and attention to detail in security workflows.
  • Knowledge of operating systems (Windows, macOS, Linux), Active Directory, network protocols, and internet standards.
  • Experience implementing security countermeasures in enterprise networks.
  • Strong written and verbal communication skills.

Desired Qualifications:

  • Experience researching emerging threats and developing monitoring content.
  • Experience with tools such as FireEye, Palo Alto, and MS O365.
  • Relevant certifications like Security+, CySA+, GCIA, GCIH.
  • Scripting or automation experience.
  • Familiarity with cloud security monitoring (AWS, Azure).

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate based on race, color, religion, sex, age, sexual orientation, gender identity, national origin, or other protected characteristics. Qualified applicants with criminal histories will be considered in accordance with applicable law. For accommodations during the application process, contact our Employee Services Department.

Apex Systems is a global IT services company committed to innovation, collaboration, and continuous learning. We offer various career resources, training, certifications, and benefits. Our commitment to excellence has earned us awards such as ClearlyRated's Best of Staffing and Great Place to Work.
