Splunk Administrator

Are you searching for exciting and impactful work supporting several diverse Classified
networks?

Are you a self-starter that is passionate about crafting visualizations, reports and charts?

If so, we're looking for someone like you to apply and join our team at APL

The Splunk Administrator will be a valued member of the team with overall responsibility for engineering, operating, and managing the Splunk Enterprise environment across four classified security enclaves. We provide technical expertise to meet compliance and security objectives across networked environments that require Audit and Logging Operations, Incident Identification and Response Coordination. Each environment consists of Splunk forwarders, indexers, search heads, centralized log servers, with varying data ingests. You will lead operational responsibilities to include security and overall performance management of the environment.

As a Splunk Administrator, you will...

• Participate in developing security-focused content for our Splunk implementations across the four classified Department of Defense (DoD) networks. Coordinate with the APL security operations teams and customers to build threat detection logic and dynamic operational dashboards. Assist with architecting log management, and data ingest solutions to ensure they are scalable and efficient. Analyze and make recommendations for Risk Management Framework (RMF) compliance requirements.
• Leverage automation techniques and develop scripts to manipulate data repositories to support data and threat analysis. Develop documentation supporting management procedures and implementation guides for Splunk-based solutions.
• Deploy and handle Splunk indexers, search heads, forwarders, and other Enterprise components within the distributed environments. Implement and manage add-ons to enhance capabilities, such as machine learning and sophisticated threat detection.
• Assist with the Assessment and Authorization (A&A) of the Splunk environment. Perform risk assessments along with Security Test & Evaluations (ST&E) of Splunk components and, ensure network computer systems align with the Information Assurance Vulnerability Management (IAVM) standards.
• Review systems to identify potential security weaknesses, recommend improvements, and implement changes. Work with the Vulnerability Management team to remediate findings from Assured Compliance Assessment Solution (ACAS)/Nessus and Host-Based Security Solution (HBSS) scans and other automated and manual assessment tools such as DoD Security Technical Implementation Guides (STIGs).
• Work with existing and custom Splunk applications and add-ons to meet compliance requirements. Implement and administer Splunk in Windows and Linux environments.
• Leverage programming skills (e.g., CSS, HTML, JavaScript, Python, shell scripting) to automate security tools management. Build customized applications within Splunk such as searches, audit scripting, and visualization.
• Track and implement responses and actions to address operational and communication orders from governing organizations. Provide expert analysis of records to prevent or detect anomalies or possible adverse events. Identify data accessed, destination and source addresses, timestamps, user login information, and specific sequence of activities to formulate courses of action and/or responses.

You will meet the minimum requirements if you have...

• A BS degree in Computer Science, Management Information Systems, Computer Information Systems, Information Assurance, or comparable field or equivalent years of professional relevant
• 2+ years of Security Engineering experience working with DoD IT enclaves, systems, and solutions
• 1+ years of experience with application and OS enterprise logging, managing, creating rule sets and threat detection logic in Splunk
• Splunk Search Processing Language (SPL) and Regular Expression expertise
• Splunk Core Certified Advanced Power User certification
• Strong communication and presentation skills
• An active Secret security clearance with the ability to obtain a Top-Secret clearance. If selected, you will be subject to a government security investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.
• Ability to work occasional weekends and other after-hours when needed. 
• Current industry certification aligned to DoD Manual 8570, 01-M for IAT II

You will go above and beyond our minimum requirements if you have...

• Intermediate expertise with Red Hat Enterprise Linux (RHEL) version 8 and 9
• 3+ years of experience leveraging Splunk or audit logs for incident response and user behavior analytics
• Experience reviewing network, host and firewall security logs. Prior experience with leading vendor security products such as Tenable, Ivanti, Forescout, Trellix, etc.
• Experience with using scripting languages such as CSS, HTML, JavaScript, Python, and shell scripting to automate tasks and manipulate data
• Experience with Splunk Machine Learning Toolkit (MLTK)
• Splunk Enterprise Certified Admin or Splunk Enterprise Certified Architect

Why work at APL?

While the Johns Hopkins University Applied Physics Laboratory brings world-class expertise to a broad range of challenges, what makes us truly outstanding is our culture. We offer a vibrant, innovation ecosystem where you can feel safe to share ideas and to continue to grow personally and professionally. At APL, we celebrate our differences and encourage creativity and bold, new ideas and have earned Best Places to Work accolades in outlets such as Fast Companies and Glassdoor.

.

Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL’s campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at www.jhuapl.edu/careers.

APL is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law.

APL is committed to promoting an innovative environment that embraces diversity, encourages creativity, and supports inclusion of new ideas. In doing so, we are committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact Accommodations@jhuapl.edu. Only by ensuring that everyone’s voice is heard are we empowered to be bold, do great things, and make the world a better place.

The referenced pay range is based on JHU APL’s good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level with consideration for internal parity. For salaried employees scheduled to work less than 40 hours per week, annual salary will be prorated based on the number of hours worked. APL may offer bonuses or other forms of compensation per internal policy and/or contractual designation. Additional compensation may be provided in the form of a sign-on bonus, relocation benefits, locality allowance or discretionary payments for exceptional performance. APL provides eligible staff with a comprehensive benefits package including retirement plans, paid time off, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, education assistance, and training and development. Applications are accepted on a rolling basis.