SAIC is seeking a Splunk Administrator to come support our PBGC customer in Washington, D.C.
• Administer Splunk Enterprise Security
• Architect, design, support, and maintain Splunk infrastructure for high availability and disaster recovery configuration
• Support and maintain complete logging infrastructure including, but not limited to, log storage, syslog and Windows Event Collector servers, and database connections
• Troubleshoot Splunk server and forwarder issues
• Tune search and indexer performance
• Create and manage Splunk knowledge objects (field extractions, macros, event types, etc.)
• On-board new data sources into Splunk, analyze the data for anomalies and trends, and build dashboards highlighting key trends
• Perform data mining and analysis, utilizing various queries and reporting methods
• Monitor and troubleshoot existing inputs (file monitoring, HTTP, modular)
• Map customer data to the Splunk Common Information Model (CIM)
• Implement KV stores, lookups, and data model acceleration to optimize search performance and reporting
• Build and integrate contextual data into notable events
• Interact with end users to gather requirements
• Develop security use cases within Splunk Enterprise Security for SOC consumption
• Mentor users and other groups on their use of Splunk
• Technical writing/creation of formal documentation such as architecture diagrams, technical designs, and SOPs
• Monitor the agent and server infrastructure for capacity planning and optimization
• Monitor license consumption/make recommendations based on trends in license usage
EDUCATION & EXPERIENCE:
Bachelor's degree in an Information Technology field plus five (5) years of related information security experience; Master's degree and three (3) or more years of related experience; PhD and 0 years of related experience.
• Current Splunk Certified Administrator required; Splunk Architect highly preferred
• Current Splunk User and Power User certification required
• Experience deploying applications within Splunk or administrating the Splunk platform
• Experience with data normalization and data modeling within the Splunk environment
• Knowledge of Splunk architecture and best practices
• Expertise with Linux and command-line interface
• Understanding of methods of collection, logging, Windows filtering, and tuning/baselining data
• Intermediate level understanding of Solaris, Linux, and Windows operating systems and Oracle/MSSQL databases
• Experience working with security technologies, including endpoint security tools, boundary protection technologies, network security tools, and vulnerability management technologies
• Experience with the development of documentation, architecture diagrams, and process and procedures for end users
• Experience with Regular Expressions (regex)
• Knowledge of advanced search and reporting commands
• Knowledge of network technology and common Internet protocols
• Understanding of system log files and other structured and non-structured data
SECURITY CLEARANCE: All candidates for consideration must be eligible to obtain a US Public Trust Clearance.
SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions.
We are 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $6.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability