Description

You will manage and optimize the Splunk environment to support infrastructure, security, and application teams migrating to an Azure Government enclave.

Responsibilities

• Configure, operate, and maintain Splunk across multi-cloud environments and various data sources.
• Manage data ingestion, search query writing, scripting, and data visualization.
• Execute Splunk architecture changes, deployments, upgrades, and routine patching.
• Support security assessment, authorization (ATO), and security audits.
• Collaborate with SOC and incident response teams to investigate security incidents.

Required Skills

• 5+ years of experience configuring, deploying, maintaining, and optimizing Splunk.
• Expertise in Search Processing Language (SPL) for data querying and manipulation.
• Experience managing Splunk indexers, search heads, and forwarders.
• Proficiency in Operating System administration for RHEL, Linux, and Windows.
• Ability to design, implement, and maintain Splunk apps and add-ons.
• Skill in using shell commands and scripting for automation.
• Experience integrating Splunk with external platforms and other SIEM tools.
• U.S. Citizenship and ability to acquire a Public Trust clearance.

Preferred Skills

• Splunk Enterprise Certified Administrator (SECA).
• Experience with automation tools such as Ansible, Puppet, or Chef.
• Knowledge of cloud platforms and integration with Splunk.
• Industry certifications such as CISSP, CISA, or CISM.

Key Skills

Education

Any Graduate