Splunk Engineer with Security Clearance

3 weeks ago

Washing, United States
Base One Technologies
Full time

Primary Responsibilities
• Manage multiple assignments, changing priorities, and work independently with little oversight
• Build, implement, and administer Splunk in Windows and Linux environments
• Work with existing and custom Splunk applications and add-ons to fulfill customer needs
• Provide overall engineering and design support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles
• Edit and maintain Splunk configuration files and apps
• Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from sources such as FireEye, Blue Coat, F5, Cisco, Palo Alto, syslog, etc.
• Provide operational support for the Splunk Universal Forwarder on Linux and Windows endpoints
• Create, manage, and support automation solutions for Splunk deployment and orchestration in on-premise and cloud environments
• Documentation, reporting, presentation, teamwork, and DHS-wide collaboration are among the expected duties and mission of the task order

Education
Bachelor’s degree in Computer Science, Engineering, or a related field and a minimum of six (6) years of experience in system administration, database administration, network engineering, software engineering, software development, or cybersecurity

Basic Qualifications
• Six (6) years of experience with Linux and Windows system administration or an intermediate understanding of operating systems and common operating environments
• Four (4) years of experience with Splunk in distributed deployments
• Current Splunk Enterprise Certified Admin certification
• Excellent written and oral skills, ability to work closely with multiple customers, manage expectations and track engagement scope
• Experience implementing FISMA, NIST, NSA, and other information security, cybersecurity and CDM related industry policies, procedures, guidelines, standards, and best practices
• Experience with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms
• Proficient at data on-boarding activities including routing, parsing, and normalizing events to the Splunk Common Information Model (CIM)
• Proficiency onboarding data using Splunk developed add-ons for Windows, Linux, and common third-party devices and applications
• Experience onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources
• Proficiency managing Splunk using the Splunk command-line interface
• Proficiency managing Splunk using configuration files
• Experience collaborating with separate engineering teams to configure data sources for Splunk integration
• Proficiency implementing and onboarding data in Splunk DB Connect
• Experience with Splunk performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting
• General networking and security troubleshooting (firewalls, routing, NAT, etc.)
• Splunk implementation and troubleshooting experience
• Experience in managing, maintaining, and administering multi-site indexer clusters
• Proficiency developing log ingestion and aggregation strategies per Splunk best practices
• Perform integration activities to configure, connect, and pull data with 3rd party software APIs
• Proficient in regular expressions
• Ability to autonomously prioritize and successfully deliver across a portfolio of projects
• Undertake day-to-day operational and user support
• Department of Homeland Security ESOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program
• Clearance required to be considered: TS/SCI
• At least one of the following certifications: CASP, Security+, GCWN, GISF, GSSP, GICSP, CCNP, CCNP Security, CCIE Security, CEH, ENSA, ECSP, MCSE, VCP, BCAP, VCIX, VCDX, Certified Splunk Architect

Preferred Qualifications
• Experience working in AWS and Azure
• Experience working in an Agile development environment
• Experience with GitLab or GitHub or other version control system
• Experience with Ansible Tower and/or writing Ansible playbooks
• Intermediate understanding of SQL and common SQL dialects
• Scripting and development skills (Bash, Python, and PowerShell)