Splunk is a powerful log aggregation and data analysis tool used widely by the Defense Health Agency (DHA) to monitor IT assets across the military health system. Core4ce is seeking a Splunk administrator capable of installing, configuring, troubleshooting, and sustaining an enterprise Splunk instance used by 5,000+ end users.
RESPONSIBILITIES
- Demonstrated experience using Splunk Search Processing Language to assist customers in creating queries, setting alerts, identifying event conditions, and building dashboards
- Install, configure, and deploy Splunk infrastructure, including search heads, indexers, forwarders, and other Splunk components
- Monitor and maintain Splunk performance, availability, and capacity.
- Test and deploy new versions of Splunk to all enterprise servers as they are made available by the relevant DHA organization
- Grow and improve the enterprise Splunk environment to a mature implementation by creating forwarder apps to ingest data
- Support large-scale deployments with data feeds from multiple locations worldwide
- Develop reliable, efficient, and re-usable queries that will feed custom alerts and dashboards
- Assist users in accessing and identifying relevant audit logs, both for troubleshooting and cybersecurity compliance purposes
- Assist customers in configuring dashboards to facilitate their own audit log analysis, and more generally in developing Splunk solutions for their use cases
- Splunk account creation and role-based access control / permissioning
- Act as the Splunk liaison for Splunk technical questions, issues or escalations. This will include working with Splunk Support, Product Management or others as needed.
- Administration of the servers on which Splunk infrastructure is deployed is not a direct responsibility, but the successful candidate must be familiar enough with both Splunk and server administration to participate in server troubleshooting affecting Splunk performance.
REQUIREMENTS
- High school graduation or GED. Higher education, such as a technical bachelor’s degree, is highly valued but not required.
- At least 8 years of IT experience, of which at least 3 must have involved working directly with Splunk, either as a power user or system administrator.
- Experience with the Department of Defense or other federal agencies is preferred but not required.
- Hold an industry certification related to any of the following technologies: Windows OS, Red Hat Enterprise Linux, Microsoft Azure, Amazon Web Services, or VMware. Other industry certifications may also be applicable for this position and will be considered upon request.
- Splunk Enterprise Certified Admin certification strongly preferred. If the successful candidate does not already hold this certification at the time of hire, he/she will be expected to obtain it within 6 months of starting. Splunk Core Certified Power User certification may be acceptable in combination with other industry experience/certifications/education.
- CompTIA Security+ certification required, either at the time of hire or within 6 months of starting if not already held.
- Secret security clearance or the ability to obtain a clearance
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.