Senior Principal Splunk Administrator

General Dynamics Mission Systems, Inc

About The Position

General Dynamics Mission Systems (GDMS) Information Technology Cyber Security (ITCS) has an immediate need for a Sr Principal Splunk Administrator (Sr Princ IT Security Spec) with specific experience administering Splunk Enterprise on-prem and cloud environments, as well as network and endpoint security tools. This position will work for and support the GDMS Security Operations Center (SOC) in defending GDMS interests by administering a cadre of Cyber security products to effectively detect and respond to malicious actions taken against our enterprise. The primary role for this position will be as subject matter expert for our Splunk Cloud environment. This position will work closely with members of applicable Information Technology teams to maintain event logging availability for support of daily monitoring and analysis requirements.

Requirements

  • Bachelor's degree in a related specialized area or equivalent is required plus a minimum of 10 years of relevant experience; or Master's degree plus a minimum of 8 years of relevant experience.
  • Due to the nature of work performed within our facilities, U.S. citizenship is required.
  • Understanding and experience administering typical host and network-based security tools.
  • Advanced knowledge of backend operating systems (UNIX/Linux/Windows) to implement, maintain, configure, and remediate issues.
  • Knowledge of operating systems and networking.
  • Understanding of SIEM & logging fundamentals.
  • Understanding of SOC Monitor and Response fundamentals.
  • Experience with any SIEM – Splunk, ArcSight, LogRhythm, etc.
  • Understanding of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, etc.
  • Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix.
  • Knowledge of applications, databases, middleware to address security threats against the same.
  • Proficient in preparation of reports, dashboards, and documentation.
  • Excellent communication and leadership skills.
  • Ability to handle high pressure situations with key stakeholders.
  • Good analytical, problem-solving, and interpersonal skills.
  • Working knowledge and experience with MS Office, with proficiency in Excel.

Nice To Haves

  • Splunk Cloud certified admin preferred.

Responsibilities

  • Work in tandem with our Splunk engineers to ensure we are meeting enterprise logging requirements.
  • Ensure Splunk on-prem components are kept in line with the latest Splunk release candidates.
  • Work to ensure our Splunk components are patched and hardened per corporate security guidelines.
  • Be intimately familiar with configuration, deployment, and troubleshooting of Splunk components both on-prem and in the cloud; search heads, indexers, universal forwarders, heavy forwarders.
  • Be considered an advanced Splunk Query Language user.
  • Be able to install, deploy, and troubleshoot Splunk Apps in a multi-site clustered and distributed deployment.
  • Be able to scale, upgrade, and troubleshoot a multi-site clustered and distributed Splunk deployment.
  • Understanding of log aggregation and event correlation.
  • Develop dashboards with visual metrics for needed stakeholders.
  • Ability and knowledge to maintain and preserve data integrity.
  • Standardize and implement agnostic SIEM tools for deployment, configuration and maintenance across backend systems: Linux, Windows, etc.
  • Work with IT and Cyber team members across different lines of service to understand business needs for generating reports.
  • Maintain, operate, tune, upgrade/patch, and monitor all LAA security related tools and products.
  • Knowledge to integrate logs and events across multiple datasets, applications, network devices and operating systems.
  • Provide technical advice on the product, deployment, functionality and its capabilities.
  • Communicate to the needed stakeholders any new or deprecated features that may impact the business.
  • Check for health alert issues on relevant systems and address them accordingly.
  • Communicate with needed stakeholders or open case with toolset vendor(s) to investigate the root cause of issues.
  • Familiarity with change management processes, to ensure upgrades and patches are conducted and communicated appropriately.
  • Ensure logging is kept up to par with program and customer needs.
  • Attend weekly SE meeting and provide operational status updates on SIEM/Logging capabilities.