Splunk Administrator - Military veterans preferred

SAIC (www.saic.com)

Full-time employee

District of Columbia
United States


SAIC is seeking a Splunk Administrator to come support our PBGC customer in Washington, D.C.

Responsibilities include:

Administer Splunk Enterprise Security
Architect, design, support, and maintain Splunk infrastructure for high availability and disaster recovery configuration
Support and maintain complete logging infrastructure including, but not limited to, log storage, syslog and Windows Event Collector servers, and database connections
Troubleshoot Splunk server and forwarder issues
Tune search and indexer performance
Create and manage Splunk knowledge objects (field extractions, macros, event types, etc.)
On-board new data sources into Splunk, analyze the data for anomalies and trends, and build dashboards highlighting key trends
Perform data mining and analysis, utilizing various queries and reporting methods
Monitor and troubleshoot existing inputs (file monitoring, HTTP, modular)
Map customer data to the Splunk Common Information Model (CIM)
Implement KV stores, lookups, and data model acceleration to optimize search performance and reporting
Build and integrate contextual data into notable events
Interact with end users to gather requirements
Develop security use cases within Splunk Enterprise Security for SOC consumption
Mentor users and other groups on their use of Splunk
Technical writing/creation of formal documentation such as architecture diagrams, technical designs, and SOPs
Monitor the agent and server infrastructure for capacity planning and optimization
Monitor license consumption/make recommendations based on trends in license usage



Bachelor's degree in an Information Technology field plus five (5) years of related information security experience; Master's degree and three (3) or more years of related experience; or PhD and 0 years of related experience.
Current Splunk Certified Administrator required; Splunk Architect highly preferred
Current Splunk User and Power User certification required
Experience deploying applications within Splunk or administrating the Splunk platform
Experience with data normalization and data modeling within the Splunk environment
Knowledge of Splunk architecture and best practices
Expertise with Linux and command-line interface
Understanding of methods of collection, logging, Windows filtering, and tuning/baselining data
Intermediate-level understanding of Solaris, Linux, and Windows operating systems and Oracle/MSSQL databases
Experience working with security technologies, including endpoint security tools, boundary protection technologies, network security tools, and vulnerability management technologies
Experience with the development of documentation, architecture diagrams, and process and procedures for end users
Experience with Regular Expressions (regex)
Knowledge of advanced search and reporting commands
Knowledge of network technology and common Internet protocols
Understanding of system log files and other structured and non-structured data

SECURITY CLEARANCE: All candidates for consideration must be eligible to obtain a US Public Trust Clearance.

Desired Qualifications