About The Position

RTX Classified Digital Services (CDS) is seeking a motivated and hands-on Splunk ITSI Administrator to own the day-to-day configuration, health, and output of our Service Intelligence platform. You won't just be building dashboards; you will be responsible for mapping our technical infrastructure to meaningful business services, tuning KPIs to eliminate "alert fatigue," and ensuring our operations teams have a clear line of sight into system health. The ideal candidate will play a critical role in delivering actionable insights, ensuring robust service monitoring, and enabling proactive alerting across our IT infrastructure. This individual will work closely with cross-functional teams to ensure the health and performance of our services while driving continuous improvement in our monitoring and alerting capabilities. This is a practitioner role: we need someone who can dive into SPL, configure complex Aggregation Policies, and ensure our ITSI environment is performant and accurate. This role will be onsite in either our Tewksbury, MA or Richardson, TX locations. It requires an active Secret Clearance in order to be considered.

Requirements

  • Typically requires a University Degree or equivalent experience and a minimum of 5 years of experience, or an Advanced Degree and a minimum of 3 years of experience.
  • 2+ years of Splunk Administration, with at least 1 year focused specifically on ITSI.
  • SPL Proficiency: Ability to write complex searches, use eval, stats, and join efficiently, and optimize searches for performance.
  • ITSI Modules: Experience with the Service Analyzer, Notable Event Review, and Deep Dives.
  • CIM Knowledge: Experience mapping data to the Common Information Model (CIM) to ensure seamless ITSI integration.
  • Data Onboarding: Experience configuring forwarders and technical add-ons (TAs) to bring data into Splunk for ITSI consumption.
  • Jira Integration Experience: Experience using the Splunk Add-on for Jira or the ITSI Action Center to push data to JSM.
  • API & Webhooks: Comfortable working with REST APIs and Webhooks to troubleshoot communication issues between Splunk and the Atlassian Data Center on-prem environment.
  • ITSM Process Knowledge: Basic understanding of ITIL frameworks (Incident, Problem, and Change Management) to ensure technical alerts follow business governance.
  • Solid understanding of IT infrastructure components (servers, networks, databases, cloud platforms, etc.) and their interdependencies.
  • Proficiency in scripting languages such as Python or PowerShell for automation and customization.
  • Active and transferable U.S. government issued security clearance is required prior to start date.
  • U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance.

Nice To Haves

  • Splunk certifications, such as "Splunk Enterprise Certified Admin" or "Splunk IT Service Intelligence Certified Admin".
  • Experience with ITIL concepts and practices.
  • Knowledge of additional monitoring tools and platforms.
  • Experience working in large-scale IT environments or industries such as aerospace, defense, or manufacturing.

Responsibilities

  • Service & KPI Construction: Build and maintain Services within ITSI. Define and tune KPIs using Base Searches to ensure high-performance data retrieval.
  • Threshold Management: Implement and manage Adaptive Thresholding to account for data trends (e.g., peak vs. off-peak traffic) and reduce false positives.
  • Episode Management: Design and refine Aggregation Policies to group related notable events into actionable Episodes, significantly reducing the "noise" sent to on-call engineers.
  • Entity Mapping: Manage Entity Discovery and ensure infrastructure components (servers, containers, cloud instances) are correctly associated with their respective services.
  • Glass Table Development: Create and update functional Glass Tables for both technical deep-dives and executive-level status views.
  • Troubleshooting & Maintenance: Monitor the health of the ITSI environment itself, ensuring search head performance isn't degraded by inefficient KPI searches.
  • Bidirectional JSM Integration: Configure and maintain the Splunk ITSI Module for JSM. Ensure that ITSI Episodes automatically create, update, and close Jira tickets based on service health status.
  • Incident Workflow Automation: Map ITSI "Severity" and "Priority" levels to JSM Incident fields to ensure the right on-call teams are notified via the correct queues.
  • Alert-to-Ticket Optimization: Refine Aggregation Policies to ensure JSM isn't flooded with duplicate tickets; implement "flapping" logic to prevent tickets from reopening unnecessarily.
  • Service Mapping Alignment: Synchronize the ITSI Service Tree with the JSM Service Registry to ensure consistent reporting across the ITIL lifecycle.

Benefits

  • healthcare, wellness, retirement and work/life benefits
  • career development and recognition programs
  • parental (including paternal) leave
  • flexible work schedules
  • achievement awards
  • educational assistance
  • child/adult backup care