Splunk Practitioner

What You'll Do

The Splunk Practitioner is responsible for configuring, maintaining, auditing, and customizing Splunk Enterprise clusters to include Splunk Enterprise Security. The Splunk Practitioner will manage and support analyst workflows, enrich data for enterprise security, and manage and customize configurations. In addition, the Splunk Practitioner configures general settings, manages input credentials and permissions, customizes menus, and configures advanced filtering within the Splunk enterprise environment. Successful candidates for this role will be expected to stay up to date on the latest cybersecurity threat intelligence sources, and provide subject matter expertise (SME) within the Consolidated Nuclear Security (CNS) organization.

• Implements and maintains Splunk platform infrastructure (multi-cluster) and relevant configurations
• Staffs help desk for Splunk platform system-related assistance and undertakes day-to-day operational and user support - as it relates to the administration of configuration items of the Splunk servers and Splunk SIM/SIEM software
• Develops and customizes Splunk system core "splunkd" components, apps and dashboards and implements integration with external systems
• Builds advanced visualizations and manages data onboarding and defining configurations
• Builds data models and performs data interpretation, classification, and enrichment
• Masterful with data entity relationship diagrams, ontologies and relationship definitions
• Manages knowledge objects (fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, and so on) - through automations, scripting, management server functions; to include .conf and .cfg files in scope of the last four Splunk Enterprise versions
• Configures summary-based reports and data model acceleration
• Leveraging SPL, Python, Python libraries, Adobe Acrobat, .PDF and .CSV file types
• Executes new projects as well as data and user onboarding
• Designing and developing an automations workflow and dashboard interface for such
• Creates operations documentation for maintaining the Splunk infrastructure
• System Design Document, Entity relationship diagrams, Workflow diagrams, Engineering interface diagrams leveraging MS Visio or the like

What You Can Expect

Minimum Job Requirements

Preferred Job Requirements

• Masterful experience with Splunk Enterprise architecture components and supporting instances such as heavy and light forwarder nodes, load balancing, license management, configuration deployment manager, and centralized automations for distributed SpLunk cluster architectures
• Strong understanding of Splunk platform configuration, web UI and Common Information Model, .cfg and .conf files
• Experience with Splunk Search Processing Language (SPL and SPL2), sub-searches and sub-queries or batch commands to include native functions to include use of Python and Pyhton libraries
• Knowledge of Splunk solution expert as well as Splunkbase
• Knowledge of Windows AND *nix systems administration
• Strong Networking background and familiarity with common infrastructure technologies and can demonstrate applicable knowledge in tuning Splunk Architecture to meet the maximum performance characteristics of the topology limits
• Experience with Windows and "Nix operating systems supporting the Splunk Enterprise daemons of which performance settings is expected second nature; thereby allowing most secure and performant Splunk systems environment
• Strong understanding of IT and Cyber industry standards and technologies to include such controls governed by NIST, FISMA, and FedRamp
• Hold at least one of the following certifications: Splunk Enterprise Certified Admin, Splunk Enterprise Security Certified Admin, Splunk Enterprise Certified Architect, or Splunk Certified Cybersecurity Defense Engineer, Splunk Cloud Certified Admin
• Knowledge of DOE and NNSA mission and cybersecurity requirements
• Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. Familiar with NIST controls and FISMA controls and correct application theory
• Familiar with Cloud Service Platform tenancies of which Splunk interoperates and/or operates with primacy

Why Y-12?

You get #morethanajob. We encourage employees to achieve a healthy personal balance among home, work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek, while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors, so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan, prescription drug plan, vision plan, dental plan, employer matched 401(k) savings plan, disability coverage, education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership? Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace, at Y-12, you can build a career that lasts a lifetime.

Notes