Splunk Administrator

  • SAIC,
  • Washington, DC
  • 8 hours ago
Security, Manager, Architect, Windows, Linux, PowerPoint, Solaris, Oracle, Database, IT, Analyst
Full Time

Job Description

SAIC is seeking a Splunk Administrator to support our PBGC customer in Washington, D.C. This position is a member of a team that supports the Pension Benefit Guaranty Corporation (PBGC), an independent agency of the United States government. The team operates within the agency's Information Technology Infrastructure Operations Department (ITIOD). The role is part of the Security Operations team in support of the PBGC ITIOD. The successful candidate will perform Splunk platform administration and related tasks, reporting to the Security Operations Manager.

  • Architect, design, support, and maintain Splunk infrastructure in a highly available, disaster-recovery-capable configuration.
  • Support and maintain the complete logging infrastructure including, but not limited to, log storage, syslog and Windows Event Collector servers, and database connections.
  • Administer Splunk Enterprise Security.
  • Troubleshoot Splunk platform and application issues; escalate issues and work with Splunk support to resolve them.
  • Create and manage Splunk knowledge objects (field extractions, macros, event types, etc.).
  • Onboard new data sources into Splunk, analyze the data for anomalies and trends, and build dashboards highlighting key trends.
  • Perform data mining and analysis, utilizing various queries and reporting methods.
  • Implement KV stores, lookups, and data model acceleration to optimize search performance and reporting.
  • Build and integrate contextual data into notable events.
  • Interact with end users to gather requirements.
  • Perform routine health checks and maintenance tasks, apply updates and upgrades, and implement new capabilities.
  • Monitor the agent and server infrastructure for capacity planning and optimization.
  • Develop security use cases within Splunk Enterprise Security for SOC consumption.
  • Mentor users and other groups on their use of Splunk.
  • Develop, execute, and improve work instructions, architecture diagrams, and other technical documentation related to Splunk updates, upgrades, and health checks.
  • Monitor license consumption and make recommendations based on trends in license usage.
  • Effectively and accurately document work in various formats including work instructions, change management requests, incident tickets, and email.
  • Improve efficiency through process improvement and automation.
  • The individual must have hands-on technical knowledge of some of the following: SIEM, networking, Linux administration, Windows administration, scripting, and automation.
  • The individual must be able to communicate effectively, both verbally and in writing, with a minimum of supervision, and must be able to use Word, PowerPoint, and SharePoint effectively.

This position is temporarily remote due to Covid-19.

Qualifications

EXPERIENCE & EDUCATION:
  • Expertise with Linux and the command-line interface.
  • Intermediate-level understanding of Solaris, Linux, and Windows operating systems and Oracle/MSSQL databases.
  • Experience deploying apps within Splunk and administering the Splunk platform.
  • Experience with data normalization and data modeling within the Splunk environment.
  • Experience creating and managing Splunk DB Connect identities, database connections, database inputs, outputs, lookups, and access controls.
  • Experience with the development of documentation, architecture diagrams, and processes and procedures for end users.
  • Experience with regular expressions (regex).
  • Knowledge of Splunk architecture and best practices.
  • Knowledge of advanced search and reporting commands.
  • Knowledge of network technology and common internet protocols.
  • Understanding of system log files and other structured and unstructured data.
  • Understanding of methods of collection, logging, Windows filtering, and tuning/baselining data.
  • Bachelor's degree plus seven (7) years of related information security experience, or ten (10) years of IT work experience.
  • Five (5) years of experience administering Splunk.
  • Three (3) years of experience administering operating systems (Windows and Linux).
  • Two (2) years of experience in scripting and automation.
  • Three (3) years of experience developing, executing, and improving work instructions and other technical documentation related to Splunk administration.
  • Current Splunk User and Power User certifications required.
  • Current Splunk Certified Administrator required; Splunk Architect highly preferred.

SECURITY CLEARANCE: All candidates for consideration must be eligible to obtain a US Public Trust Clearance.

Company Information

Dice Id: 10111346
Position Id: 2014721
Originally Posted: 3 months ago
