Careers at GEHA Home Returning Applicants Current Job Openings

Sr. Security Analyst - Splunk SME
Supv LocationLEE'S SUMMIT
Posting Closes
SupervisorJoshua Gilliland
Job Code91842E
DepartmentRisk & Security
  
Job Responsibilities
Open Positions: 1
Location: Lee’s Summit, MO (201 Building)

Summary

Contributes to the Cybersecurity and Information Security (CSIS) department’s mission to effectively manage security threats and risks that could potentially impact GEHA’s goals and objectives, which include protecting the confidentiality, integrity and availability of the organization’s information assets in compliance with organizational policies, procedures, standards, laws, and regulations.. The CSIS Senior Security Analyst is responsible for supporting the department’s threat management, security assessment, security risk monitoring and incident response processes and technology.

Duties
• Primary responsibility will be administration and continuous improvement of the Splunk Enterprise Security platform, including ongoing development of Splunk reports, queries, and alerts.

• Oversees the collection and analysis of security information and event management (SIEM) data to ensure malicious threats, inappropriate activities, or any events that could potentially impact the confidentiality, integrity and availability of the organization’s information systems and assets are proactively monitored and reported in a timely fashion.

• Responsible for correlating data from multiple sources to ensure detective and monitoring controls are designed and operating effectively and focused on identifying indicators of compromise.

• Responsible for ensuring preventative and detective controls, safeguards and countermeasures are in place to effectively protect GEHA’s information systems and information assets from threats and harm.

• Responsible for ensuring security requirements and security validation procedures are defined, documented and integrated within all phases of the organization’s system development and system acquisition framework.

• Translates technology and environmental conditions (e.g., law and regulation) into system and security requirements, designs, solutions and processes. Evaluates and provides recommendations related to the security and risk management aspects of the organization’s information technology ecosystem.

• Oversees the execution of threat and vulnerability assessments, determines deviations from acceptable configurations and policy, assesses the level of risk, and develops and/or recommends appropriate remediation plans, corrective actions and/or mitigating controls. Oversees the integration, testing, operations, and maintenance of systems security.

• Oversees, manages, administers and monitors security related functions and solutions including, but not limited to, firewalls, intrusion detection systems, vulnerability management systems, threat management systems, antivirus systems, antimalware systems, cloud-based security systems, secure email gateway appliances, web filtering systems, content filtering systems, security information and event management (SIEM) platforms, data-loss prevention (DLP) systems, multi-factor authentication systems, and identity and access management systems.

• Responds to security events, incidents, inquiries, investigations and e-discovery requests in a timely fashion. Security incident response activities include, but are not limited to, incident containment, eradication, collection of evidence, correlation of SIEM data, data analysis, resolution and assisting with corrective action plans and remediation efforts.

• Participates in providing security related training to all levels of the organization’s staff.

• Participates in internal and external audit, compliance and legal support activities. Assists with resolving open audit and compliance security issues.

• Participates in the organization’s business continuity, disaster recovery and crisis management programs including, but not limited to, the preparation and maintenance of continuity plans, recovery plans, standard operating procedures, risk assessments, and testing.

• Assists with the identification and classification of information assets and other information governance related activities.

• Recommends security, threat and risk management solutions and processes that enhance and support the vision, mission and goals of the Cybersecurity and Information Security department. Identifies process improvements, and opportunities to automate or streamline existing processes.

• Creates and maintains documentation in support of team responsibilities, including, but not limited to, security operations, business continuity, disaster recovery, incident response, security assessments, vulnerability management, remediation activities, standard operating procedures, training, and metrics.

Skills and Competencies
• Strong practical knowledge of Splunk required, especially in creating complex queries with SPL.
• Computational thinking ability, as demonstrated by work experience with scripting or programming.
• Requires working knowledge of IP networks, firewalls, and Active Directory, Mobile Device Management, Citrix, Splunk, Microsoft SQL, encryption and virtual computing environment experience a plus (e.g., VMWare).
• Requires experience with daily security activities such as log review, incident response, disaster recovery, security assessments, and vulnerability management. Must be customer service focused, organized, detail oriented, analytical, able to multitask.
• Requires effective verbal and written communication skills to interface with management and employees.
• Strong communication skills, both verbal and written are required
• Strong analytical and problem-solving skills to enable effective security incident and problem resolution
• Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously.
• Ability to work well under minimal supervision
• Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors, business and internal IT personnel.
• Experience in developing, documenting and maintaining security procedures.
• Establishes a productive behavior in a rapidly changing environment brought about by growth of the company, aggressive international competition in the marketplace, and new technologies.
• At all times, works with a sense of urgency and commitment to understand security system and regulatory requirements, assist in the development of alternate solutions and assist in implementation of selected solutions requiring security system expertise.
• Readily takes ownership of assigned projects and is highly motivated to improve existing processes.
• Maintain work place values that include Integrity, Respect for People, Customer Passion, Energy, and Excellence.

Education Requirements
Requires a Bachelor’s degree in Computer Science, Information Systems, or related discipline. Additional years of qualifying experience may be considered in lieu of formal education and certification requirements.

Experience Requirements
Requires seven plus years of experience in Information Technology, Information Security, IT Assurance, IT Governance, Risk Management and/or Business Continuity Management. Requires one or more of the following governance, risk, assurance or security certifications: CISSP, HCISPP, CRMA, CGEIT, CRISC, CISM, CISA, CBCP, GIAC or related governance, security, risk management or business continuity/disaster recovery certifications.


GEHA is an Equal Opportunity Employer. GEHA will not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their compensation or the compensation of another employee or applicant.

Our company's corporate headquarters is located in Lee's Summit near Douglas Rd and I-470 with a total of five locations in the Kansas City metropolitan area.