Splunk Administrator *Secret Clearance And Security + Required* at TEKsystems

Duties & Responsibilities:

§ Serve as Splunk Administrator responsible for planning, managing, and implementing Splunk across multiple enterprise networks and implementations.

§ Provide expertise as it relates to Splunk implementations. Recommend and support changes to Splunk deployments.

§ Support Indexer Clustering, Search Head Clustering, and Forwarders.

§ Monitor, troubleshoot, and analyze overall health of Splunk infrastructure to include daily indexing volume, search volume and performance, data source reporting, user activity reporting, and custom apps/dashboards/visualizations.

§ Perform root cause analysis on any issues with recommendations. Implement tactical and strategic solutions to problems.

§ Develop, manage, and maintain documents supporting Splunk architecture and operational processes.

§ Data onboarding techniques such as syslog, DB Connect (dbConnect), Universal Forwarder (UF), HTTP Event Collector (HEC), and custom scripting.

§ Express a working knowledge of Linux to include use cases supporting patching, SSL toolset, capacity planning, routing protocols, and firewall rules.

§ SPL/Dashboard experience in support of user analytics, systems performance, security, and environmental health.

§ Knowledge of Splunk DataModels and their management to include implementation, tuning, and data normalization.

§ Familiarity with Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) checklists applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) network environment for all Splunk implementations.

§ Implement/create report dashboard designs, automated custom email report notifications, report log data repositories for each environment that are specific to the following audiences: Leadership & Executives; Cybersecurity Staff; and System Administrators

Qualifications/Requirements:

§ Splunk Administrator candidate should have a minimum of 3+ years of Splunk products experience.

§ Splunk experience performing administration in a large-scale environment. Preferably overseeing daily, weekly, monthly functions and following best practices.

§ Identify, analyze, define, & coordinate user, client, and stakeholder needs and translate them into technical requirements.

§ Support day-to-day technical communication systems and incident tickets in support of operations.

§ Be familiar with scripting tools such as Python, Bash, and SPL. Firm understanding of REGEX.

§ Candidate should have experience in:

o system Integration and/or administration for Splunk users, searches/reports, dashboards, systems, or onboarding 3rd party log data.

o Windows OS, UNIX or Linux-based systems support with experience in mid-to-large data center environments and patch/update management.

o Demonstrated advanced diagnostics, analytical, troubleshooting skills.

§ Experience with physical servers and those hosted within virtualized environments such as VMware vSphere’s vCenter Server Appliance.

§ Must be able to push/pull, lift, or carry up to 50 lbs.

§ Must be willing to travel up to 5% (3 weeks) of the year, dependent on contract needs and requirements that may arise.

Education/Certification(s):

§ Technical degree, Associates or, bachelor’s degree in computer science/information systems, Science/Engineering/Math, or 2-4 years’ relevant experience in Information Technology preferably within system or application administration is acceptable.

There are three required certifications for this position, of which two are required to start on the contract and one that must be earned within 90 days of start.

§ Requires one of the following DoD 8570.01-M Information Assurance Technical (IAT) Level II certification to begin on contract:

§ CompTIA Security+ CE (Continuing Education)

§ CompTIA Cybersecurity Analyst (CySA+) CE (Continuing Education)

§ (ISC)² Systems Security Certified Practitioner (SSCP)

§ GIAC Global Industrial Cyber Security Professional (GICSP)

§ GIAC Security Essentials Certification (GSEC)

§ (ISC)² Systems Security Certified Practitioner (SSCP)

§ Requires one of the following Computing Environment/Operating System (CE/OS) to begin on contract (Linux/Unix preferred):

§ Microsoft 365 Certified: Identity and Access Administrator Associate

§ Microsoft 365 Certified: Endpoint Administrator Associate

§ Microsoft 365 Certified: Azure Administrator Associate

§ Linux Foundation Certified System Administrator (LFCS) (Preferred)

§ LPIC-1 (Preferred)

§ Linux+ (Preferred)

§ Requires the following technical certifications within 45 days of starting on the contract:

§ Splunk Enterprise Certified Admin

Clearance:

Active DoD Secret required or ability to complete investigation process for interim with potential to upgrade to Top Secret clearance preferred.

Benefits Info:

o Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: 

 Medical, dental & vision 

 Critical Illness, Accident, and Hospital 

 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available 

 Life Insurance (Voluntary Life & AD&D for the employee and dependents) 

 Short and long-term disability 

 Health Spending Account (HSA) 

 Transportation benefits 

 Employee Assistance Program 

 Time Off/Leave (PTO, Vacation or Sick Leave) 

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.