Senior Splunk Admin & Architect

Title: Senior Splunk Admin & Architect
Location: Remote

Job details:

• Administer a complex Splunk infrastructure made up of 50 servers.
• Administer Splunk premium apps such as Enterprise Security and IT Service Intelligence.
• Integrate various tools with Splunk to support automation.
• Participate in the Splunk Center of Excellence and provide support to customers and stakeholders.
• Provide assistance to customers and stakeholders for searches, reports, and dashboards.
• Work with SOC analysts to tune and tweak Splunk Enterprise Security correlation searches, reports, dashboards, etc. for monitoring cyber intrusions, anomalies, and threats
• Perform data onboarding activities.
• Perform user onboarding activities.
• Continually monitor and assess data accuracy in Splunk.
• Perform Splunk App/add-on development.
• Implement Splunk changes based on the Splunk Center of Excellence change management procedures.
• Document various Splunk processes, procedures, and workflows.
• Work closely with the Federal Splunk SME to perform other Splunk-related tasks.
• Work closely with SOC personnel to implement custom integrations and developments in Splunk.
• Work with Ansible, BitBucket, and other version/change control and automation tools to effectively administer the Splunk environment.
• Have a thorough understanding of Splunk Enterprise Security, and experience fully operationalizing Splunk Enterprise Security in SOCs
• Experience with scripting languages is a MUST (Python, Powershell, Shell and Batch Scripting, Javascript, etc.)
• Experience with custom development in Splunk using the Splunk SDK.
• Experience administering Linux OS is a MUST, Windows experience is a plus. System Administration
• Additionally, we would prefer the SME to hold a Splunk Architect certification, but also understand that some really good Splunkers may not hold that cert.

Splunk Support Scope:

• Information System Monitoring assets monitored for threats/anomalies in the SOC s cybersecurity ecosystem
• Monitor SIEM for notable events and work with customer to investigate and remediate events within 5 minutes
• Continually review existing Splunk correlation searches, reports and dashboards for data accuracy and tweak
• Gather requirements for monitoring assets using Splunk, develop reports and dashboards based on the requirements
• Investigate triggered signatures to identify threats and false positives
• Perform Splunk upgrades, updates and patches