Company: SAIC
Location: North Charleston, SC
Career Level: Associate
Industries: Technology, Software, IT, Electronics

Description

SAIC is seeking a skilled and motivated Splunk Administrator to join our DC2HS Splunk Team under the Service Delivery IPT in North Charleston, SC or Baton Rouge, LA.

You will be responsible for the administration, maintenance, and enhancement of our Splunk platform, ensuring its optimal performance and availability for our critical security and business operations.

You will work closely with various stakeholders (DC2HS Mission Owners and Internal Teams) in support of data ingestion, analysis, alerting, reporting, and tools integrations to meet a continuously evolving landscape of requirements and needs. 

The DC2HS Splunk environment supports infrastructure and hosted systems in multiple on-premises (NIPR / SIPR) and cloud environments and provides multiple integrations with supporting tools and platforms such as CODEC, SENSR, ServiceNow, eMASS, Tenable ACAS, Trellix ESS, Solarwinds, and EvaluateSTIG.

You will work closely with DC2HS Internal teams to support each team's data collection and monitoring requirements across various devices, systems, and applications.

The Splunk team assists the Mission Assurance and ISSM teams with data collection and in support of incident response investigation activities.

Duties

  • Install, configure, and update Splunk Enterprise software, Splunk Apps, and Splunk Add-ons.
  • Configure data inputs from various sources (servers, applications, network devices).
  • Define and manage indexes for data storage/retention in a multi-tenant environment.
  • Configure parsing and data normalization rules for field extractions.
  • Troubleshoot Splunk configuration, indexing, and performance issues.
  • Create Splunk dashboards, reports, alerts, and saved searches.
  • Develop complex Splunk search queries using SPL (Splunk Processing Language).
  • Develop documentation for Splunk-related processes, user guides, and configuration tracking.
  • Create and manage user roles for RBAC (Role-Based Access Control) and knowledge object permissions in a multi-tenant environment.
  • Monitor Splunk infrastructure performance and resource utilization.
  • Manage Splunk certificates and maintain STIG compliance across Splunk infrastructure components.
  • Develop custom Splunk apps or scripts to meet specific requirements from other DC2HS teams and hosted Mission Owner systems.
  • Configure and manage Splunk Enterprise Security (ES) and Splunk IT Service Intelligence (ITSI) to enhance security and performance monitoring capabilities.
  • Work with Mission Assurance to provide support for security incident response and forensic analysis when needed, utilizing data collected in Splunk.
  • Integrate Splunk with other tools (ServiceNow, Tenable ACAS, Trellix ESS, EvaluateSTIG, OpenRMF, eMASS) to support Division-level objectives.

Qualifications

Required Education and Experience:

  • Bachelor's degree and five (5) years of experience.
  • Knowledge of DoD STIG requirements in support of auditing/monitoring controls.
  • Experience with Splunk Enterprise software and a deep understanding of Splunk architecture.
  • Proficiency in using Splunk Processing Language (SPL):
    • Knowledge of search commands, operators, functions, and regular expressions.
    • Ability to optimize search performance and troubleshoot query issues.
  • Solid understanding of operating systems (Windows, Linux) and networking concepts.
  • Experience with scripting languages (Bash, PowerShell, Python) for automation tasks.
  • Familiarity with virtualization and cloud environments.
  • Familiarity with Red Hat Enterprise Linux OS.
  • Experience integrating Splunk with ServiceNow, both pulling data from ServiceNow (i.e., ticket info) and pushing data to ServiceNow in support of automation efforts.
  • Must be a US citizen with an active Secret clearance and the ability to obtain a Top Secret clearance.

Other Considerations:

  • Passion for staying up-to-date with the latest Splunk features, updates, and best practices.
  • Willingness to learn new technologies and adapt to evolving security challenges.
  • Ability to work effectively with other teams (security, operations, and application developers).
  • Ability to analyze logs, identify root causes, and implement solutions.