Splunk Administrator (HYBRID REMOTE ONLY IN DC, MD, VA)

Prism, Inc.
Washington, DC
15 Feb 2025

Vacancy expired!

This position is -Hybrid work model. 2 days on-site and three days remote. Must be local to DC, MD, VA, or within 2 hours of commute.

Due to Federal Government Security Clearance Requirements: U.S. Citizenship!PRISM seeks Splunk Administrator to Administer the Splunk Enterprise Security, support the design, and maintain Splunk infrastructure for high availability and disaster recovery configuration. You will support maintaining complete logging infrastructure including, but not limited to, log storage, Syslog and Windows Event Collector servers, and database connections, troubleshoot Splunk server and forwarder issues, Tune search and indexer performance, create and manage Splunk knowledge objects (field extractions, macros, event types, etc.

Other Duties:
  • On-board new data sources into Splunk, analyzed the data for anomalies and trends, and built dashboards highlighting key trends.
  • Perform data mining and analysis, utilizing various queries and reporting methods.
  • Monitor and troubleshoot existing input (file monitoring, HTTP, modular)
  • Map customer data to the Splunk Common Information Model (CIM)
  • Implement KV stores, lookups, and data model acceleration to optimize search performance and reporting
  • Build and integrate contextual data into notable events
  • Interact with end users to gather requirements
  • Develop security use cases within Splunk Enterprise Security for SOC consumption.
  • Mentor users and other groups on their use of Splunk
  • Technical writing/creation of formal documentation such as architecture diagrams, technical designs, and SOPs
  • Monitor the agent and server infrastructure for capacity planning and optimization
  • Monitor license consumption/make recommendations based on trends in license usage

Required:Bachelor's degree in an Information Technology field plus five (5) years of related information security experience. Master and three (3) years or more experience.
  • Current Splunk Certified Administrator required
  • Current Splunk User and Power User certifications required
  • Experience deploying applications within Splunk or administrating the Splunk platform
  • Experience with data normalization and data modeling within the Splunk environment
  • Knowledge of Splunk architecture and best practices
  • Expertise with Linux and command-line interface
  • Understand methods of collection, logging, windows filtering, and tuning/base-lining data.
  • Intermediate level understanding of Solaris, Linux, and Windows operating systems and Oracle/MSSQL databases
  • Experience working with security technologies, including endpoint security tools, boundary protection technologies, network security tools, and vulnerability management technologies.
  • Experience with the development of documentation, architecture diagrams, and process and procedures for end users
  • Experience with Regular Expressions (regex)
  • Knowledge of advanced search and reporting commands
  • Knowledge of network technology and standard Internet protocols
  • Understanding of system log files and other structured and non-structured data
  • ID: #49217331
  • State: District of Columbia Washington 00000 Washington USA
  • City: Washington
  • Salary: Depends on Experience
  • Job type: Permanent
  • Showed: 2023-02-15
  • Deadline: 2023-04-14
  • Category: Et cetera