Splunk SME

ManTech (www.mantech.com)


  Full Time   Employee   Contractor

United States

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Candidates must pass a background investigation and be clearable for DHS Entry on Duty (EOD).

Role and Responsibilities:

  • Read, analyze and interpret business requirements, system documentation, and technical procedures
  • Secure relevant information, integrate data from different sources, and identify possible causes of problems
  • Support operations and provide Tier 3 support for an enterprise Continuous Monitoring as a Service (CMaaS) solution built on Splunk, ForeScout CounterACT, and McAfee ePO
  • Support Extract, Transform, and Load (ETL) operations that retrieve content from the ePO and ForeScout repositories as well as from existing hardware, software, and system boundary inventories; maintain and present that content within Splunk
  • Push Asset Summary Reporting (ASR) content from Splunk to an RSA Archer based dashboard
  • Design and implement broader data integration with RSA Archer, with Archer pulling data from Splunk via a RESTful API
  • Ensure that the content flowing to RSA Archer is the correct summary information; define quality procedures that verify the summary data is accurate and no more detailed than required
  • Design and build more detailed Splunk reporting for internal use cases
  • Conduct appropriate analysis and ensure that calls which cannot be resolved are forwarded to vendor product support. Support the following:

*Provide initial problem resolution where possible

*Generate, monitor, and track incidents through resolution

*Provide software support

*Maintain frequently asked questions and their resolutions

*Obtain customer feedback and conduct surveys

  • Provide expert knowledge of product capabilities and design input into solution design, build, and test activities and their documentation
  • Contribute technical input to CMaaS technical training

Qualifications and Education/Certification Requirements:
  • Must possess 3-5 years of cybersecurity experience, preferably working in, or as an analyst supporting, a SOC environment
  • Strong skills in debugging SQL stored procedures, triggers, and views, and in query optimization techniques and query hints
  • Ability to use SQL Server Profiler effectively
  • Understanding of SQL Server metadata views and system tables
  • Familiarity with the NIST SP 800 series publications that implement FISMA
  • Experience with dashboard or Security Information and Event Management (SIEM) systems, including ingest of third-party data for rendering within the dashboard or SIEM
  • Ability to manipulate large volumes of data in order to produce customer-requested reports or charts
  • Certification required: Splunk Certified Admin, Microsoft Certified Solutions Associate (MCSA) SQL Server 2012, or Oracle Database Administrator Certified Professional
  • Hands-on experience with virtualization technology such as VMware or VirtualBox
  • Experience with Active Directory, log management tools, and vulnerability assessment tools
  • Requires 2+ years' experience with at least one of the following technologies:

*RSA Archer

*Security Content Automation Protocol (SCAP)

*Asset Summary Reporting (ASR) format

*RESTful API solution integration

*McAfee ePO

*ForeScout CounterACT

*Linux administration


To apply for this job, contact:
Human Resources
