What are the responsibilities and job description for the Splunk Master with Security Clearance position at Base One Technologies?
Required Education / Experience
BS degree in Science, Technology, Engineering, Math or a related field and 12–15 years of prior relevant experience with a focus on cyber security, or a Master's degree with 10–13 years of prior relevant experience.
Required Security Clearance: Active TS/SCI
Primary Responsibilities
- Conceptualize, Design, Build, and Maintain current and future NOSC supported tools and platforms.
- Manage multiple assignments, changing priorities, and work independently with little oversight.
- Provide direct support for onboarding data into Splunk via forwarders, scripted inputs, TCP/UDP and modular inputs from sources such as FireEye, BlueCoat proxies, BIG-IP, Cisco, Palo Alto, host syslogs, etc.
- Provide support and guidance, and develop processes to evaluate and improve all operating system, hardware, software and firmware solutions, and advise on future purchases of the same.
- Create, manage, and support automation solutions for Splunk deployment and orchestration within a Cloud environment.
- Work closely with senior engineers, other team members and application owners to solve technical problems at the network, system and application levels.
- Conduct periodic architectural reviews of installed sensors to assess effectiveness and propose optimal installation alternatives as required.
- Conduct network security architecture reviews to determine the size and placement of intrusion monitoring equipment during the customer onboarding process.
- Documentation and reporting, along with presentation, teamwork and DHS-wide collaboration, are among the expected duties and mission of the task order.
- Build, implement and administer Splunk in Windows and Linux environments.
Basic Qualifications
- Requires a BS degree and 12 years of experience in system administration, database administration, network engineering, software engineering and/or software development, with a concentration in cybersecurity.
- At least eight (8) years of experience with Splunk in distributed deployments
- Proficiency managing Splunk using the Splunk command-line interface
- Proficiency managing Splunk using configuration files
- Experience onboarding data into Splunk via forwarders, scripted inputs, TCP/UDP and modular inputs from a variety of sources.
- Proficiency onboarding data using Splunk developed add-ons for Windows, Linux, and common third-party devices and applications
- Experience collaborating with separate engineering teams to configure data sources for Splunk integration
- 7 years of experience with Linux, Windows and SQL/ODBC interfaces
- Proficiency implementing and onboarding data in Splunk DB Connect
- 4 years of experience in application interface development using REST APIs
- Experience with Splunk performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting
- Experience developing in XML, Bash, JavaScript and Python, Perl, PowerShell scripts
- General networking and security troubleshooting (firewalls, routing, NAT, etc.)
- Splunk architecture / design, implementation, and troubleshooting experience
- Experience in managing, maintaining, and administering multi-site indexer cluster
- Scripting and development skills (Bash, Python or Java) with strong knowledge of regular expressions
- Proficiency developing log ingestion and aggregation strategies per Splunk best practices
- Proficiency normalizing data to Splunk Common Information Model (CIM)
- Experience implementing and optimizing Splunk data models
- Expertise developing security-focused content for Splunk, including creation of complex threat detection log and operational dashboards
- Perform integration activities to configure, connect, and pull data with 3rd party software APIs.
- Ability to autonomously prioritize and successfully deliver across a portfolio of projects
- Undertake day-to-day operational and user support
- Department of Homeland Security ESOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
Must Have One of the Following J3 Certifications
SANS: GCWN - Windows Security Administrator, GISF - Security Fundamentals, GSSP - Secure Software Programmer, GICSP - Cyber Security Professional
Carnegie Mellon University: SEI (Software Engineering Institute)
ISC2: CCSP - Certified Cloud Security Professional, CISSP - Certified Information Systems Security Professional, CSSLP - Certified Secure Software Lifecycle Professional, SSCP - Systems Security Certified Practitioner
Cisco: CCNP, CCIE Security
EC-Council: ECSP - EC-Council Certified Secure Programmer
Microsoft: MCSE - Microsoft Certified Solutions Expert
Red Hat: RHCA, RHCE
VMware: VCA (Certified Associate), VCP (Certified Professional), VCAP (Certified Advanced Professional), VCIX (Implementation Expert), VCDX (Certified Design Expert)
NetApp: Converged Infrastructure Specialist, Certified Implementation Engineer Specialist, Certified Data Administrator Professional, Certified Storage Associate