Splunk Administrator

Role responsibilities:

• Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources.

• Develop and implement strategies to normalize current and future log data, making it consistent and usable for analysis.

• Assess existing Splunk data feeds and implement changes to improve overall SIEM health and align with best practices

• Diagnose and resolve issues related to log ingestion and normalization.

• Administration & Support

• Provide operations and maintenance support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers

• Build, implement, and administer Splunk in Linux environments

• Work with existing and custom Splunk applications and add-ons to fulfil customer needs

• Editing and maintaining Splunk configuration files and apps

• Maintain comprehensive documentation of log onboarding and normalization processes.

• Support security operational teams

Required qualifications:

· Experience with Splunk Enterprise hands-on Engineering & Administration

· deployment, troubleshooting, onboarding data, and maintenance in a clustered environment

· Proficiency in SPL

· Experience implementing CIM compliance and optimizing Splunk data models

Job Type: Full-time

Schedule:

• Day shift

Security clearance:

• Confidential (Preferred)

Ability to Commute:

• Manassas, VA 20109 (Preferred)

Ability to Relocate:

• Manassas, VA 20109: Relocate before starting work (Preferred)

Work Location: In person