Vacancy expired!
Splunk Administrator
VA, Arlington 22202
Security Clearance: U.S. Citizen, Current Security Clearance, Secret
Skills: Splunk, SOC, SOAP, JSON, REST API, Scripting, RegEx, Linux CLI, Windows, Cybersecurity

We are recruiting for a Splunk Administrator to support a DoD Security Operations Center (SOC) environment. Qualified candidates will have experience developing cybersecurity monitoring content in Splunk and experience working in a DoD or SOC environment.

Duties and responsibilities include:
- Support development of cybersecurity monitoring content in Splunk to support SOC monitoring capabilities
- Integrate Splunk with application data sources
- Refine audit levels at log source and Splunk log ingest settings to maximize program capability to monitor for cybersecurity-relevant events
- Provide consultation to government client, as requested, to customize and configure Splunk to meet program requirements
- Provide administration for Splunk and Splunk Apps including developing new or extending existing Apps to perform specialized functionality
- Support a blended team working closely with Infrastructure, Application, and Cybersecurity project teams for Splunk activities
- Develop and maintain documentation related to the engagement and architecture, operational processes and training materials
- U.S. citizenship
- Current secret security clearance (at a minimum)
- Bachelor's degree is required; IT related discipline is preferred
- 5+ years of experience with Splunk administration including security information and event management (SIEM) integrations
- 5+ years of experience developing Splunk queries, reports, alerts, dashboards, and knowledge objects
- Experience with Splunk dashboard design is preferred
- Experience with Splunk configuration files and RegEx, and comfort using the Linux CLI and Windows
- Experience using Splunk to perform above baseline threat hunting in a SOC or DCO environment
- Experience in SOAP, JSON, REST API, web-based technologies and scripting languages including JavaScript, Python, Perl and shell scripting, XML, HTML
- Experience in requirements analysis, engineering, and testing in real world environments
- Effective written and verbal communication skills to work with a blended government and contractor team
- Experience in Splunk DB Connect, ITSI, HEC is preferred
- Splunk certified preferred
- Experience with SAP, HANA database, and/or system architecture is preferred
- Experience presenting information to customer audiences (prior presentations to groups up to 30 people) is preferred
- Experience providing mentorship to junior team members, as requested, for Splunk related activities is preferred