Splunk Administrator-504125

Delaware Nation Industries, Fort Belvoir, VA
About The Position

Delaware Nation Industries (DNI) is a prime contractor providing manpower and support for IT Operations and Maintenance within a Federal Agency. We are currently interviewing for a Cyber Security Engineer to support an agency serving more than 4000 users. This position adheres to strict process and policy governance in a defined cyber security enterprise. The selected candidate will be involved with all cyber security tools and processes. They will follow a detailed testing framework to ensure operational functions and security. This role will also provide subject matter expertise and assistance to Agency end-users and staff. We are currently interviewing for a Cyber Security Engineer to support this initiative in an enterprise-level work environment.

Requirements

  • Demonstrated experience working with complex system implementations and organizational processes to include maintaining system documentation.
  • Strong understanding, proficiency and experience with Linux and ability to effectively manage, secure and troubleshoot Linux-based environments.
  • CompTIA Linux+ or Linux Professional Institute (LPIC-1/LPIC-2) certification or Red Hat Certified System Administrator
  • Familiarity with Splunk, Elastic Stack (ELK) or similar.
  • Active CompTIA Security+ certification
  • BS/BA degree in Computer Science, Management Information Systems, or related IT discipline.
  • ALLOWABLE SUBSTITUTION: An additional four (4) years of experience can be substituted for a BS or BA degree.
  • Ability to pass a high-level background investigation

Nice To Haves

  • Splunk Enterprise Certified Administrator or Splunk Enterprise Certified Architect
  • Microsoft Certified: Security Operations Analyst Associate (SC-200)
  • Microsoft Certified: Cybersecurity Architect (SC-100)
  • Microsoft Certified: Azure Fundamentals (AZ-900)
  • CompTIA CySA+

Responsibilities

  • Facilitate and implement Splunk infrastructure to ingest, analyze and visualize machine-generated data, and deploy, configure and maintain Splunk Enterprise components such as Indexers, Search Heads and Forwarders.
  • Create dashboards, alerts and reports for threat detection.
  • Patch and maintain servers continuously to meet security compliance standards.
  • Ensure that the Red Hat Enterprise Linux servers are operational and reporting properly.
  • Administer and manage the organization’s security posture via deployment of security policies (Microsoft Intune), threat monitoring and response (Microsoft Defender/Sentinel), data governance and Data Loss Prevention (Microsoft Purview), and log analytics configuration, including developing detection rules and playbooks (Microsoft Sentinel), and ensure compliance.
  • Troubleshoot application and server issues and respond to federal customer service requests.
  • Use software and hardware tools, and identify and diagnose complex problems and factors affecting performance.
  • Support incident response efforts by identifying vulnerabilities related to emerging threats and zero-day exploits.
  • Interface with PMO and vendor support service groups to support Cyberspace Task Order efforts and ensure proper escalation during outages or periods of degraded system performance.
  • Create/Update documentation needed to support the Splunk team requirements, taskings, deliverables, and maintenance of the tool.
  • Engage in weekly Splunk engineering meetings in support of the agency’s mitigation, compliance, assessment efforts and initiatives.
  • Monitor and track vulnerabilities, End-of-Life and priority action items.
  • Design, build, and implement network systems.
  • Perform cyber investigations and analysis.
  • Research and analyze a variety of commodity and APT-based malware and techniques.
  • Search our existing infrastructure for signs of malware and malicious events not detected by our existing security controls.
  • Administer Assured Compliance Assessment Solution (ACAS) system comprised of Security Center, Nessus Scanner and the Nessus Network Monitor.
  • Administer Trellix ESS, including ePolicy Orchestrator (ePO), Solidcore, and DLP.
  • The ability to work independently as well as collectively within a team, apply critical thinking techniques, and effectively communicate with federal customers and other team members, both orally and in writing.