Splunk Administrator

SpektrumNorfolk, VA
21hOnsite
Match Resume

About The Position

Spektrum have a wide range of exciting opportunities in several global locations. We are always looking to add great new talent to our team and look forward to hearing from you. Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects. Who we are supporting The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium. The NCIA provides a wide range of services, including: Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats. Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations. Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces. Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks. Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers. Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities. The program Assistance and Advisory Service (AAS) The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V. To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce. Role ID – 2026-0025

Requirements

  • Expert Splunk Administrator (Minimum 2 years of experience working on complex & distributed environments)
  • Distributed Architecture: Proven experience managing and scaling complex Splunk environments, including Indexer Clustering, Search Head Clustering, and multi-site deployments.
  • Advanced Management: Deep knowledge of Splunk configuration files, data lifecycle management , and managing large-scale deployments via Deployment Servers.
  • Critical Distinction: Proposed team members have to specifically be Splunk Administrators. Proposals with team members whose experience is primarily as a Security Analysts (end-user of the UI/investigating alerts) will not be considered.
  • Minimum 2 years of hands-on experience in a Linux environment, with a proven track record in: CLI & System Navigation: Advanced command-line operations, file system management, and permissions (UID/GID, ACLs). Service Management: Demonstrated ability to independently install, configure, and troubleshoot application services (specifically Splunk) on Linux-based servers. Technical Scope: Focus is on application-level deployment; hardware configuration and kernel-level patching are excluded from the minimum requirements
  • Practical Networking & IT Security Knowledge Networking Fundamentals: Solid understanding of core protocols, specifically: DNS, HTTP(S), SSH, syslog, TCP/IP, and TLS/SSL. Security Mindset: Strong grasp of IT security principles, including: Log integrity Encryption in transit Role-Based Access Control (RBAC)
  • Practical Automation & Programming Knowledge Infrastructure Automation: Demonstrated ability to create and execute Ansible playbooks for automated infrastructure and configuration management. Scripting & Development: Proven ability to write and maintain functional scripts in Python and Bash for data processing or task automation. Version Control: Proficiency in using GitHub (or similar Git-based tools) for configuration management, including branching, committing, and merging code.
  • Valid National or NATO Secret personal security clearance

Responsibilities

  • Management of Splunk components deployed within 50+ T3 enclaves across high-side and low-side networks.
  • Operation and maintenance of a T2 SIEM environment composed of 80+ Linux servers (virtual and physical).
  • Administration of the full Splunk software stack, including: Splunk Enterprise Splunk Enterprise Security Splunk SOAR Splunk UBA
  • Management of Splunk deployments across more than 350 servers spanning T2 and T3 environments.
  • Implementation and operation of fully automated deployment and configuration mechanisms based on Ansible and Git.
  • Collection of logs from more than 20,000 endpoints, appliances, and cloud-based solutions.
  • Ensuring end-to-end log lifecycle management, including: Data collection and ingestion Parsing and normalization Storage and retention Categorization and enrichment Monitoring of data flows and data quality
  • Support and integration of new data sources into the T2 Splunk environment, including: Project-driven onboarding Continuous log collection improvements Customer-driven requests
  • Coordination with customers for the deployment and configuration of devices hosting log sources, including: Acting as the technical point of contact for log collection setup Supporting customers during the configuration of endpoints, appliances, and other log sources Ensuring proper follow-up with customers until log sources are correctly configured and successfully integrated into the Splunk platform Clarifying that endpoints, appliances, and other log sources are configured by the customer, with technical guidance and support provided by the SIEM engineer
  • Configuration and management of Splunk components hosted on Linux servers within T2 and T3 environments.
  • Execution of system-level activities requiring privileged access, including but not limited to: Syslog server configuration SELinux configuration Other OS-level configurations necessary for proper Splunk operation Coordination with the entity responsible for Linux operating system management where responsibilities overlap.
  • Ensuring that Splunk Enterprise Security is properly configured, operational, and functioning as intended. Verification that correlation rules are correctly deployed and operate reliably. Ensuring the overall quality, stability, and reliability of SIEM services delivered to security analysts. Continuous monitoring of platform health and service performance. Ongoing maintenance and optimization of SIEM and log collection services. Support for continuous improvements in log coverage, data quality, and platform efficiency. Technical support related to SIEM platform usage and data ingestion (excluding security analysis and rule creation). Definition, maintenance, and continuous improvement of operational processes related to SIEM and log collection services. Development and upkeep of technical and operational documentation covering: Platform architecture and deployment models Configuration standards and automation workflows Log collection, onboarding, and data management procedures Operational runbooks and troubleshooting guides Ensuring documentation remains accurate, up to date, and aligned with the actual state of the environments. Support to process formalization and knowledge transfer activities in coordination with relevant stakeholders. Complying with all applicable internal processes, including but not limited to Change Requests (CRs), administrative tasks, and technical and operational workflows.
  • Management of user access to the Splunk platform, including the creation, modification, and removal of user accounts and roles, in accordance with defined access control policies. Administration of permissions and role-based access controls within Splunk to ensure appropriate and secure access to data and platform features. Support to users for issues related to their use of the Splunk platform, including: Access and authentication issues Platform usage and functional questions Troubleshooting of Splunk-related user issues Coordination with relevant stakeholders to resolve user-reported issues, where required.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Job Search Resources

Similar Splunk Administrator job opportunities

Mid-Level Splunk Administrator
Apavo Corporation
Apavo Corporation • Arlington, VA3d • Onsite
Splunk Engineer
Steampunk
Steampunk • Washington, DC8d
Splunk Engineer
steampunk
steampunk • Washington, DC5d
🔥 New JobSplunk . NET Developer
Expleo
Expleo • Saint Paul, MN1d • $120,000 - $131,000 • Hybrid
Splunk Data Engineer
Booz Allen Hamilton
Booz Allen Hamilton • Tampa, FL13d • $99,000 - $225,000
Splunk Architect Lead
Agile Defense
Agile Defense • Reston, VA6d • Hybrid
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service