Splunk Administrator

Global Business Solutions, Landover, MD

About The Position

GBSI is seeking an Information Technology (IT) professional for the role of Splunk Administrator in Landover, MD to maintain and enhance the existing Splunk infrastructure in the enterprise. Further projects will involve the implementation of Splunk Enterprise Security (ES) and Security Orchestration, Automation, and Response (SOAR) and other vendor solutions.

Requirements

  • LEVEL IV: Bachelor's degree in a related field with eight (8) to ten (10) years' experience is required; OR Master's degree in a related field with six (6) to eight (8) years' experience; OR PhD with three (3) to five (5) years' experience.
  • Must have a current DoD 8570.1-M IAT Level III certification (i.e., CASP CE, CISA, CISSP) at start.
  • Must possess an active TS/SCI clearance with SCI eligibility at start.
  • Experience with importing data in Splunk from various sources: endpoint security, network security (Firewalls, IPS/IDS, DNS, Proxy, etc.), data and application security, cloud security and technologies is required.
  • Experience with performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting of Splunk is required.
  • Experience with designing, implementing, configuring, operating, or testing IT systems or security infrastructure is required.
  • Experience building dashboards highlighting the key trends of the data is required.
  • Proficiency within a Windows and Linux environment, editing and maintaining Splunk configuration files and apps is required.
  • Experience working in a Splunk clustered environment supporting a SOC or NOC is required.
  • Experience with virtualization technologies is required.

Responsibilities

  • Implements, tests, and operates advanced software security techniques in compliance with technical reference architecture.
  • Performs on-going security testing and code review to improve software security.
  • Troubleshoots and debugs issues that arise.
  • Provides engineering designs for new software solutions to help mitigate security vulnerabilities.
  • Contributes to all levels of the architecture and maintains technical documentation.
  • Consults team members on secure coding practices and develops a familiarity with new tools and best practices.
  • Designs, implements, and maintains SIEM and SOAR solutions.
  • Designs and implements threat detection, automates incident response processes, and integrates various security tools with SIEM and SOAR platforms via APIs.
  • Maintains SIEM applications to collect and aggregate IDS and IPS data from network sensors, raw data from collection agents, firewalls, proxy servers, DLP, antivirus, vulnerability scanner elements, and other security-relevant devices.
  • Utilizes expertise in Splunk 'Search' language, Splunk Dashboards, Reports, Lookup Tables, and Summary Indexes.
  • Builds Splunk dashboards that take inputs from various data sources (application logs, operating system logs, middleware logs, network feeds, etc.) and identify and highlight anomalous activities on the dashboards by severity level.
  • Performs troubleshooting and provides assistance with the creation of Splunk search queries and dashboards.

What This Job Offers

Industry

Professional, Scientific, and Technical Services

Education Level

Bachelor's degree

Number of Employees

11-50 employees