SAIC is seeking a Splunk Administrator to support our PBGC customer in Washington, D.C. This position is a member of a team that supports the Pension Benefit Guaranty Corporation (PBGC), an independent agency of the United States government. The team operates within the agency's Information Technology Infrastructure Operations Department (ITIOD). The role is part of the Security Operations team in support of the PBGC ITIOD. The successful candidate will perform Splunk platform administration and related tasks, reporting to the Security Operations Manager.

- Architect, design, support, and maintain
Splunk infrastructure for a highly available and disaster recovery
- Support and maintain complete logging
infrastructure including, but not limited to, log storage, syslog and Windows
Event Collector servers, and database connections
- Administer Splunk Enterprise Security.
- Troubleshoot Splunk platform and application issues, escalate them, and work with Splunk support to resolve them.
- Create and manage Splunk knowledge objects
(field extractions, macros, event types, etc.).
- Onboard new data sources into Splunk, analyze the data for anomalies and trends, and build dashboards highlighting key trends.
- Perform data mining and analysis, utilizing
various queries and reporting methods.
- Implement KV stores, lookups, and data model acceleration to optimize search performance and reporting.
- Build and integrate contextual data into
- Interact with end users to gather requirements.
- Perform routine health checks, maintenance tasks, updates, and upgrades, and implement new capabilities.
- Monitor the agent and server infrastructure
for capacity planning and optimization
- Develop security use cases within Splunk
Enterprise Security for SOC consumption
- Mentor users and other groups on their use of
- Develop, execute, and improve work instructions, architecture diagrams, and other technical documentation related to Splunk updates, upgrades, and health checks.
- Monitor license consumption and make recommendations based on trends in license usage.
- Effectively and accurately document
work in various formats including work instructions, change management
requests, incident tickets, and email.
- Improve efficiency through process
improvement and automation.
- The individual must have hands-on technical
knowledge of some of the following: SIEM, networking, Linux
administration, Windows administration, scripting, and automation.
- The individual must be able to communicate effectively, verbally and in writing, with a minimum of supervision. Must be able to use Word, PowerPoint, and SharePoint.

This position is temporarily remote due to Covid-19.

- Expertise with Linux and command-line
- Intermediate level understanding of Solaris,
Linux, and Windows operating systems and Oracle/MSSQL databases.
- Experience deploying apps within Splunk and administering the Splunk platform.
- Experience with data normalization and data
modeling within the Splunk environment.
- Experience in creating and managing Splunk DB Connect identities, database connections, database inputs, outputs, lookups, and access controls.
- Experience with the development of documentation, architecture diagrams, and processes and procedures for end users.
- Experience with Regular Expressions (regex).
- Knowledge of Splunk architecture and best
- Knowledge of advanced search and reporting
- Knowledge of network technology and common
- Understanding of system log files and other
structured and non-structured data.
- Understand methods of collection, logging,
windows filtering, and tuning / baselining data.
- Bachelor's degree plus seven (7) years
of related information security experience otherwise ten (10) years of IT work
- Five (5) years of experience in
- Three (3) years of experience in administering operating systems (Windows and Linux).
- Two (2) years of experience in
scripting and automation.
- Three (3) years of experience
developing, executing, and improving work instructions and other technical
documentation related to Splunk Administration.
- Current Splunk User and Power User
- Current Splunk Certified Administrator required; Splunk Architect highly preferred.

CLEARANCE: All candidates for consideration must be eligible to obtain a US Public Trust Clearance.

SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions.
We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $7.1 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability