Splunk Administrator with Security Clearance

---

Job description

Duties & Responsibilities: Serve as Splunk Administrator responsible for planning, managing, and implementing Splunk across multiple enterprise networks and implementations. Provide expertise as it relates to Splunk implementations. Recommend and support changes to Splunk deployments. Support Indexer Clustering, Search Head Clustering, and Forwarders. Monitor, troubleshoot, and analyze overall health of Splunk infrastructure to include daily indexing volume, search volume and performance, data source reporting, user activity reporting, and custom apps/dashboards/visualizations. Perform root cause analysis on any issues with recommendations. Implement tactical and strategic solutions to problems. Develop, manage, and maintain documents supporting Splunk architecture and operational processes. Data onboarding techniques such as syslog, DB Connect (dbConnect), Universal Forwarder (UF), HTTP Event Collector (HEC), and custom scripting. Express a working knowledge of Linux to include use cases supporting patching, SSL toolset, capacity planning, routing protocols, and firewall rules. SPL/Dashboard experience in support of user analytics, systems performance, security, and environmental health. Knowledge of Splunk DataModels and their management to include implementation, tuning, and data normalization. Familiarity with Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) checklists applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) network environment for all Splunk implementations. Implement/create report dashboard designs, automated custom email report notifications, report log data repositories for each environment that are specific to the following audiences: Leadership & Executives; Cybersecurity Staff; and System Administrators Qualifications/Requirements: Splunk Administrator candidate should have a minimum of 3+ years of Splunk products experience. Splunk experience performing administration in a large-scale environment. Preferably overseeing daily, weekly, monthly functions and following best practices. Identify, analyze, define, & coordinate user, client, and stakeholder needs and translate them into technical requirements. Support day-to-day technical communication systems and incident tickets in support of operations. Be familiar with scripting tools such as Python, Bash, and SPL. Firm understanding of REGEX. Candidate should have experience in: o system Integration and/or administration for Splunk users, searches/reports, dashboards, systems, or onboarding 3rd party log data. o Windows OS, UNIX or Linux-based systems support with experience in mid-to-large data center environments and patch/update management. o Demonstrated advanced diagnostics, analytical, troubleshooting skills. Experience with physical servers and those hosted within virtualized environments such as VMware vSphere's vCenter Server Appliance. Must be able to push/pull, lift, or carry up to 50 lbs. Must be willing to travel up to 5% (3 weeks) of the year, dependent on contract needs and requirements that may arise. Education/Certification(s): Technical degree, Associates or, bachelor's degree in computer science/information systems, Science/Engineering/Math, or 2-4 years' relevant experience in Information Technology preferably within system or application administration is acceptable. There are three required certifications for this position, of which two are required to start on the contract and one that must be earned within 90 days of start. Requires one of the following DoD 8570.01-M Information Assurance Technical (IAT) Level II certification to begin on contract: CompTIA Security+ CE (Continuing Education) CompTIA Cybersecurity Analyst (CySA+) CE (Continuing Education) (ISC) Systems Security Certified Practitioner (SSCP) GIAC Global Industrial Cyber Security Professional (GICSP) GIAC Security Essentials Certification (GSEC) (ISC) Systems Security Certified Practitioner (SSCP) Requires one of the following Computing Environment/Operating System (CE/OS) to begin on contract (Linux/Unix preferred): Microsoft 365 Certified: Identity and Access Administrator Associate Microsoft 365 Certified: Endpoint Administrator Associate Microsoft 365 Certified: Azure Administrator Associate Linux Foundation Certified System Administrator (LFCS) (Preferred) LPIC-1 (Preferred) Linux+ (Preferred) Requires the following technical certifications within 45 days of starting on the contract: Splunk Enterprise Certified Admin Clearance: Active DoD Secret required or ability to complete investigation process for interim with potential to upgrade to Top Secret clearance preferred.

<!– job description page –>