
Information Cybersecurity Engineer (Mid-Level) - ICD - Open Rank (Hybrid)

ID: 499551
Type: Researchers
Location: Atlanta, GA
Categories: Cybersecurity, Data Analytics/Science

Overview:

The Georgia Tech Research Institute (GTRI) is the nonprofit, applied research division of the Georgia Institute of Technology (Georgia Tech). Founded in 1934 as the Engineering Experiment Station, GTRI has grown to more than 2,900 employees, supporting eight laboratories in over 20 locations around the country and performing more than $940 million of problem-solving research annually for government and industry. GTRI's renowned researchers combine science, engineering, economics, policy, and technical expertise to solve complex problems for the U.S. federal government, state, and industry.   

Georgia Tech's Mission and Values

Georgia Tech's mission is to develop leaders who advance technology and improve the human condition. The Institute has nine key values that are foundational to everything we do: 

1. Students are our top priority.
2. We strive for excellence.
3. We thrive on diversity.
4. We celebrate collaboration.
5. We champion innovation.
6. We safeguard freedom of inquiry and expression.
7. We nurture the wellbeing of our community.
8. We act ethically.
9. We are responsible stewards.

Over the next decade, Georgia Tech will become an example of inclusive innovation, a leading technological research university of unmatched scale, relentlessly committed to serving the public good; breaking new ground in addressing the biggest local, national, and global challenges and opportunities of our time; making technology broadly accessible; and developing exceptional, principled leaders from all backgrounds ready to produce novel ideas and create solutions with real human impact.

Project/Unit Description

As part of the Information and Cybersecurity Department (ICD), the Information Security Operations Center (ISOC) Splunk Architect/Engineer will play an integral role in the administration, configuration, and technical enrichment of GTRI’s Splunk instance. The ideal candidate for this role is a cybersecurity focused Splunk subject matter expert who can architect and engineer solutions in Splunk and participate in incident response and forensic investigations using Splunk as needed. The ISOC Splunk Architect/Engineer will work closely with the ISOC analysts and Lab IT Directors to create tailored alerts and onboard necessary data. This role reports to the ISOC Manager. This position has been designated as hybrid and work will be performed within Eastern Time (ET) Zone.

Job Purpose

Requires extensive knowledge of computer operating systems, networks, log analysis and security tools.

Applies engineering principles to cybersecurity challenges.

Necessary skill areas: fundamentals of computer science, information analysis, testing software, log analysis, event correlation, anomaly detection, and behavioral analysis.

Defining cybersecurity controls for different systems and networks.

Creates novel cybersecurity technology components to ensure that critical systems/information are resilient to cyber exploits and attacks.

Performs attendant vulnerability assessments, analysis, and software engineering and design.

Ensures that cybersecurity needs are established and maintained for operations, including security requirements definition, security risk assessment, information systems analysis, design, and hardening, configuration and maintenance of security boundary devices (IDS/IPS, firewalls, perimeter routing), vulnerability scanning, incident response, disaster recovery, and operations continuity planning. Provides analytical support for security policy development and analysis.

Engineers, implements, and maintains Information Technology Infrastructure and associated cybersecurity controls.

Areas of responsibility include but are not limited to information security operations, cyber risk & intelligence, data loss & fraud protection, regulatory compliance, policy management and audits & assessment.

Key Responsibilities

  • Helps validate security control configuration on systems and ensures all systems are configured to the required controls, such as NIST, DFARS 252.204-7012, CMMC, and similar requirements.
  • Performs day-to-day analysis of security threats.
  • Performs day-to-day remediation of security incidents.
  • Provides leadership to lower-level cybersecurity and IT professionals across the enterprise.

Additional Responsibilities

  • Administer the Splunk application infrastructure for ICD/GTRI.
  • Provide support for design, architecture, development, deployment, installation, configuration, integration, operation, and maintenance of Splunk resources.
  • Create standardized documentation for Splunk deployments.
  • Deploy and maintain dashboards, reports, alerts, technology apps/add-ons, and Common Information Model (CIM) compliance.
  • Support the expansion of the current Splunk environment to include Splunk Enterprise Security (ES) and Security Orchestration, Automation & Response (SOAR).
  • Support system and data integration within the security tool ecosystem within ICD.
  • On-board additional data sources with the assistance of stakeholders across the institution.
  • Tune new and existing data streams, alerts, reports, and data models.
  • Identify and remediate gaps in existing Splunk security posture and deployment.
  • Mentor junior analysts in Splunk use and best practices.

Required Minimum Qualifications

  • Experience in implementing Splunk applications, tools, and add-ons, including ES and SOAR.
  • Solid technical understanding of cybersecurity concepts, standards, guidelines, and principles.
  • Strong written and oral communication skills.
  • One or more intermediate cybersecurity certifications such as: Certified Ethical Hacker (CEH), PenTest+, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Enterprise Defender (GCED), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH) or equivalent.
  • One or more baseline specialized certifications such as: Splunk Cloud Certified Admin, Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect.

Preferred Qualifications

  • Active Secret clearance.
  • Master’s degree in a related field and/or a minimum of 6 years of equivalent experience in Splunk/SIEM administration.
  • One or more advanced cybersecurity certifications such as: Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalent.
  • One or more intermediate specialized certifications such as: Splunk Enterprise Security Certified Admin, Splunk SOAR Certified Automation Developer, Splunk Certified Cybersecurity Defense Analyst.

Travel Requirements

<10% travel

Education and Length of Experience

This position vacancy is an open-rank announcement. The final job offer will be dependent on candidate qualifications in alignment with Research Faculty Extension Professional ranks as outlined in section 3.2.1 of the Georgia Tech Faculty Handbook.

  • 5 years of related experience with a Bachelor’s degree in Cybersecurity, Information Security, Systems Engineering, Cybersecurity Engineering, Cybersecurity Architect or related field.
  • 3 years of related experience with a Master's degree in Cybersecurity, Information Security, Systems Engineering, Cybersecurity Engineering, Cybersecurity Architect or related field.
  • 0 years of related experience with a Ph.D. in Cybersecurity, Information Security, Systems Engineering, Cybersecurity Engineering, Cybersecurity Architect or related field.

U.S. Citizenship Requirements

Due to our research contracts with the U.S. federal government, candidates for this position must be U.S. Citizens.

Clearance Type Required

Candidates must be able to obtain and maintain an active security clearance.

Benefits at GTRI

Comprehensive information on currently offered GTRI benefits, including Health & Welfare, Retirement Plans, Tuition Reimbursement, Time Off, and Professional Development, can be found through this link: https://hr.gatech.edu/benefits

Equal Employment Opportunity

The Georgia Institute of Technology (Georgia Tech) is an Equal Employment Opportunity Employer. The University is committed to maintaining a fair and respectful environment for all. To that end, and in accordance with federal and state law, Board of Regents policy, and University policy, Georgia Tech provides equal opportunity to all faculty, staff, students, and all other members of the Georgia Tech community, including applicants for admission and/or employment, contractors, volunteers, and participants in institutional programs, activities, or services.  Georgia Tech complies with all applicable laws and regulations governing equal opportunity in the workplace and in educational activities.

Georgia Tech prohibits discrimination, including discriminatory harassment, on the basis of race, ethnicity, ancestry, color, religion, sex (including pregnancy), sexual orientation, gender identity, gender expression, national origin, age, disability, genetics, or veteran status in its programs, activities, employment, and admissions.  This prohibition applies to faculty, staff, students, and all other members of the Georgia Tech community, including affiliates, invitees, and guests. Further, Georgia Tech prohibits citizenship status, immigration status, and national origin discrimination in hiring, firing, and recruitment, except where such restrictions are required in order to comply with law, regulation, executive order, or Attorney General directive, or where they are required by Federal, State, or local government contract.

All members of the USG community must adhere to the USG Statement of Core Values, which consists of Integrity, Excellence, Accountability, and Respect. These values shape and fundamentally support our University's work. Additionally, all faculty, staff, and administrators must also be aware of and comply with the Board of Regents and Georgia Institute of Technology's policies on Freedom of Expression and Academic Freedom. More information on these policies can be found here: Board of Regents Policy Manual | University System of Georgia (usg.edu).
