Siem Content Manager Supporting The Dhs Network Security Operations Center
CurrentDevelop content for a complex and growing Splunk infrastructure by combining the collection, management, and analytics capabilities/ correlation of the different data-sources: IDS, Proxy, DNS, FireEye and email logs.Create, enhance, and continuously improve an integrated set correlation searches, reports, dashboards, in response to new threats.Develop processes for application use by all Splunk users.Perform threat research/analysis in order to enhance SOC rule sets.Automate and Integrate threat intelligence from commercial vendor and other government agencies.Review and analyze escalated security events, logs, network traffic to identify security incidents. Products include Splunk SE, Crowdstrike, proofpoint, Swimlane, Mandiant MSV, Sourcefire, Palo Alto IDS, Bluecoat...