Splunk Administrator

  • Washington, DC
  • Posted 10 hours ago | Updated 10 hours ago

Overview

Hybrid
$110,000 - $125,000
Full Time
Accepts corp to corp applications

Skills

Security Operations Center
Security+
CISSP
GSEC
NIST
FISMA
OMB
FedRAMP
Splunk Administrator

Job Details

Job Title: Splunk Administrator

Location: Washington, DC (Hybrid)

Duration: Long Term Role

Job Description:

Key Responsibilities:

Administer and maintain Splunk Enterprise and Splunk ES, ensuring availability, performance, and stability.

Manage log ingestion pipelines, including syslog servers, Windows Event Collectors, and application connectors.

Onboard and normalize new data sources, validate data quality, and ensure mapping to the Common Information Model (CIM).

Create, maintain, and optimize Splunk knowledge objects (field extractions, lookups, macros, event types, tags, etc.).

Develop and tune dashboards, reports, and alerts to support incident response operations and compliance requirements.

Monitor Splunk license consumption and system capacity; make recommendations for scaling and optimization.

Troubleshoot Splunk forwarder, search head, and indexer issues to maintain operational continuity.

Implement KV stores, lookups, and data model acceleration to improve search and reporting performance.

Support security use case development in Splunk ES for security incident response analysts.

Assist end users with queries, dashboards, and reporting needs, providing mentorship in SPL and best practices.

Maintain documentation, including SOPs, technical designs, and architecture references.

Monitor Splunk infrastructure health and contribute to proactive capacity planning.

Participate in team meetings, planning sessions, and technical reviews.

Qualifications

Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related technical discipline; OR 10+ years of equivalent IT experience.

6+ years of hands-on Splunk administration experience in enterprise environments.

Current or recent Splunk Certified Administrator certification preferred.

Strong Linux command line experience; familiarity with Windows and Unix system administration.

Demonstrated experience with Splunk ES, CIM, and advanced search/reporting commands.

Knowledge of log ingestion methods, normalization, and baselining techniques.

Experience with regular expressions (regex) for field extractions and data parsing.

Familiarity with security technologies such as endpoint protection, IDS/IPS, firewalls, and vulnerability management.

Strong troubleshooting skills across distributed IT infrastructures.

Excellent written and verbal communication skills, with the ability to document technical processes and collaborate across teams.

Preferred Qualifications:

Experience in a Security Operations Center (SOC) environment.

Experience with data modeling, use case development, and alert tuning.

Familiarity with NIST and federal cybersecurity frameworks (e.g., FISMA, OMB, FedRAMP).

Security certifications such as Security+, CISSP, or GSEC.

Experience with other SIEM tools (e.g., ELK, Azure Sentinel).

Clearance Requirement

All candidates must be eligible to obtain and maintain a U.S. Public Trust clearance.

**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**