Cyber Risk Defense Consultant
Navigating the Hiring Process
We're here to support you!
Having trouble with your account or have questions on the hiring process?
Please visit the FAQ page on our website for assistance.
Need help with your computer and browser settings?
Do you need a reasonable accommodation due to a disability?
A reasonable accommodation is any modification or adjustment that enables you to fully participate in completing the following:
- Online Submissions
- Pre-Hire Assessments
- Interview Process
Please submit your accommodation request and an HR Representative will contact you.
The Splunk Infrastructure Administrator is responsible for maintaining and administering servers and infrastructure supporting Kaiser Permanente's Security Information & Event Management (SIEM) platform. The resource will augment an existing team and will perform system administration tasks on a very large and complex Splunk Enterprise environment supported by a distributed and highly available Red Hat infrastructure.
The Splunk Infrastructure Administrator will be responsible and accountable for the following:
- Performing system administration on more than 300 virtualized and physical infrastructure systems
- Testing and deploying operating system, firmware, and application patches
- Development of system automation using Ansible scripting and Python development
- Build and deployment of new infrastructure/servers supporting the KP SIEM and Privacy Monitoring applications
All applicants must possess, at minimum, the following active certifications:
- Red Hat Certified System Administrator, Engineer, and/or Architect
- Red Hat Certified Specialist in Advanced Automation
In addition to active Red Hat certification(s), successful candidates must also have practical experience with the following:
- Automation development using Ansible scripting
- Python development
- Red Hat Satellite administration
- VMWare and ESXi administration
- Splunk Administration
- Conducts or oversees business-specific projects by applying deep expertise in subject area; promoting adherence to all procedures and policies; developing work plans to meet business priorities and deadlines; determining and carrying out processes and methodologies; coordinating and delegating resources to accomplish organizational goals; partnering internally and externally to make effective business decisions; solving complex problems; escalating issues or risks, as appropriate; monitoring progress and results; recognizing and capitalizing on improvement opportunities; evaluating recommendations made; and influencing the completion of project tasks by others.
- Practices self-leadership and promotes learning in others by building relationships with cross-functional stakeholders; communicating information and providing advice to drive projects forward; influencing team members within assigned unit; listening and responding to, seeking, and addressing performance feedback; adapting to competing demands and new responsibilities; providing feedback to others, including upward feedback to leadership and mentoring junior team members; creating and executing plans to capitalize on strengths and improve opportunity areas; and adapting to and learning from change, difficulties, and feedback.
- Leads team in the proactive monitoring and/or response to known or emerging threats against the KP network.
- Effectively communicates investigative findings to non-technical audiences.
- Plans and facilitates regular operations meeting with TDA, TRI, and/or TAG teams.
- Supports closed loop processes on security efforts by providing feedback to the TDA leads and/or leadership.
- Participates in information fusion procedures across operations and engineering, including activities such as Use Case planning/development, Use Case quality assurance validation, and response procedure documentation.
- Serves as a liaison between stage teams and upper management by identifying issues, improvement areas, or security/architectural gaps and suggesting appropriate improvements.
- Drives the development of the CDC intellectual capital by leading process or procedure improvements, consulting on brown bag training sessions, and leading the development of new training documents.
- Partners with the CDC Policy Engineers and Remediation teams to contain identified issues and determine the best approach for improving security posture.
- Facilitates follow-up remediation design and review efforts.
- Leads the investigation and triage of security events across multiple domains.
- Leads complex data analyses in support of security event management processes, including root cause analysis.
- Coordinates the response and resolution of high impact or critical cyber security incidents.
- Leads the deployment of threat detection capabilities and/or incident response plans which may include after-hours support and coordination among responsible teams.
- Drives the execution of incident detection and/or handling processes which may include containment, protection, and remediation activities.
- Minimum two (2) years in an informal leadership role working with project or technical teams.
- Bachelors degree in Business Administration, Computer Science, Social Science, Mathematics, or related field and Minimum eight (8) years experience in IT or a related field, including Minimum two (2) years in information security or network engineering. Additional equivalent work experience may be substituted for the degree requirement.
- One (1) year supervisory experience
- Two (2) years of work experience in a role requiring interaction with senior leadership (e.g., Director level and above)
- Two (2) years experience working on cross-functional project teams
- Three (3) years work experience requiring the development of technical documents or presentations.
- Three (3) years experience in IT incident management, including the development and/or deployment of remediation plans.
- Three (3) years experience in large scale cyber security data analytics, including the identification of data-driven threat collection opportunities.
- Three (3) years experience researching, developing, and implementing data-driven threat detection capabilities.
- Three (3) years experience in cyber security threat research or large scale data analytics.
- Three (3) years experience in cyber security data analytics.
- Three (3) years in the operation of data protection and/or DLP solutions.
- Three (3) years in the operation of SIEM solutions.
- Three (3) years experience in cyber security threat and/or vulnerability research.
- Three (3) years experience in cyber security vulnerability or threat investigation.
- Masters degree in Business Administration, Computer Science, Social Science, Mathematics, or related field.
- Security certification (Security+, CISSP, CISA).
- Global Information Assurance certification(s).