Summit Technologies Inc. is seeking a Splunk Administrator to come support our government client. In this role you will architect, design, support, and maintain Splunk infrastructure and disaster recovery configuration. This is a hybrid role based in Washington, DC. Candidates must be eligible for a Public Trust clearance.
Duties and Responsibilities:
- Administer Splunk Enterprise Security.
- Support and maintain complete logging infrastructure such as log storage, syslog and Windows Event Collector servers, and database connections.
- Troubleshoot Splunk server and forwarder issues.
- Tune search and indexer performance.
- Create and manage Splunk knowledge objects (field extractions, macros, event types, etc.).
- On-board new data sources into Splunk, analyze the data for anomalies and trends, and build dashboards highlighting key trends.
- Perform data mining and analysis, utilizing various queries and reporting methods.
- Monitor and troubleshoot existing input (file monitoring, http, modular).
- Map customer data to the Splunk Common Information Model (CIM).
- Implement KV stores, lookups, and data model acceleration to optimize search performance and reporting.
- Build and integrate contextual data into notable events.
- Perform requirements gathering.
- Develop security use cases within Splunk Enterprise Security for SOC consumption.
- Mentor users and other groups on their use of Splunk.
- Perform technical writing and creation of formal documentation such as architecture diagrams, technical designs and SOPs.
- Monitor the agent and server infrastructure for capacity planning and optimization.
- Monitor license consumption and make recommendations based on trends in license usage.
Required Experience and Skills:
- Experience deploying applications within Splunk or administrating the Splunk platform.
- Experience with data normalization and data modeling within the Splunk environment
- Knowledge of Splunk architecture and best practices.
- Expertise with Linux and command-line interface.
- Understand methods of collection, logging, windows filtering and tuning/base-lining data
- Intermediate level understanding of Solaris, Linux, and Windows operating systems and Oracle/MSSQL databases.
- Experience working with security technologies to include endpoint security tools, boundary protection technologies, network security tools, and vulnerability management technologies.
- Experience with the development of documentation, architecture diagrams, and process and procedures for end users.
- Experience with Regular Expressions (regex).
- Knowledge of advanced search and reporting commands.
- Knowledge of network technology and common Internet protocols.
- Understanding of system log files and other structured and non-structured data.
- Splunk Certified Administrator certification
- Splunk User and Power User certification
- Splunk Architect certification is highly desired
- Bachelor’s degree and 5 years of related Information Security experience; Or
- Master’s degree and three years of related experience.
- All candidates for consideration must be eligible to obtain a Public Trust.
Summit Technologies Inc. appreciates your interest. We will contact the best matching prospects and will consider you for future opportunities. We will not submit your resume without your prior knowledge and consent. We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, disability or veteran status.