
Senior SIEM Content Developer and Engineer (SPLUNK and custom tools)

Lockheed Martin

Rockville, MD

Job Details

Are you interested in engineering and sustaining cutting-edge cyber detection capabilities for a world-class Computer Incident Response Team? Want to work with top-notch security analysts and industry-leading thought leaders in cyberspace? Lockheed Martin is seeking an ambitious and highly motivated candidate with expertise in SIEM technology to build advanced detections and to engineer and sustain solutions for cyber security analysts.

Our SIEM and logging platform comprises both COTS and custom tools. The role demands expertise in SPLUNK development, search capabilities, and building data models, dashboards, and queries to enable visibility, detection, alerting, and reporting for cyber security threats. The role also demands understanding of and general experience with cyber security tools and logs such as Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS), malware analysis systems, firewall logs, object scanners, endpoint security systems, web logs, and server logs. The candidate must be detail-oriented and comfortable on the command line, using the SPLUNK UI, and performing log analysis on standard and custom log sources.

Responsibilities include, but are not limited to:
- Support security analysts in implementing unique use cases
- Develop and customize SPLUNK Apps and dashboards and build advanced visualizations
- Customize the SIEM platform to promote advanced searching, forensics and analytics, and advance creative solutions to complex problems
- Perform data interpretation, classification and enrichment
- Build data models and manage knowledge objects
- Configure summary-based reports and data model acceleration

This is a fast-paced, challenging position where high performance and quick ramp-up are expected. The ability and willingness to support and meet tight deadlines on a continual basis, while staying focused on policies and procedures, will produce successful results. The ability to perform effectively and efficiently, both independently and as a member of a diverse virtual team, is most valued.


Basic Qualifications
5 years of experience working with SIEM technology in the following disciplines:
- Rule and content development for alerting, metrics, and/or reporting
- Analyzing standard and custom data sources and performing formatting, tokenizing, and parsing functions
- Collaborating with data owners and customers on understanding data sources and use cases, and successfully translating requirements to actionable content

At least 2 years of experience with SPLUNK with the following components:
- Develop security-focused content and focus on the creation of complex detection and alerting logic and log source on-boarding. Develop advanced reports to meet analyst requirements
- Highly skilled and experienced with SPLUNK Search Processing Language (SPL)
- Managing SPLUNK knowledge objects (e.g. fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, etc.)
- Experience developing content with regular expressions, performing data interpretation, classification and enrichment
- Demonstrated strong knowledge and hands-on experience with SPLUNK configuration model, web UI and Common Information Model

2 years of experience using scripting languages to manipulate data (e.g. Python, Perl, bash, etc.)

Basic programming skills in Java, C#, or Ruby

Excellent team collaboration skills and written communication skills

Ability to obtain and maintain DoD Secret Clearance

Desired skills
Experience with SPLUNK Enterprise Security (ES)

Experience conducting research in host and network-based security technologies, machine learning algorithms, and detection methods

Experience creating customized security log analysis and detection capabilities using programming and development expertise, including Java, Python, Shell scripting, and regular expressions

Experience integrating SPLUNK with external systems such as ticketing systems

Basic web design experience and familiarity with XML, HTML, and JavaScript

Experience with automation and performance tools (e.g. Puppet, Ansible, Prometheus)

Experience with database design or other complex data structures

Working knowledge of networking concepts and technologies

As a leading technology innovation company, Lockheed Martin’s vast team works with partners around the world to bring proven performance to our customers’ toughest challenges. Lockheed Martin has employees based in many states throughout the U.S., and internationally, with business locations in many nations and territories.

Join us at Lockheed Martin, where we’re engineering a better tomorrow.

Lockheed Martin is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Job Location(s): Rockville Maryland
