26NOS - ENAT - Splunk Administrator - Mid

SMS is seeking searching for qualified candidates for a Mid-Level Splunk Administrator to work on our Enterprise Network Tools Analyst Team (ENAT) for the AFINC II contract supporting the 26th Network Operations Squadron (26NOS) at Maxwell-Gunter AFB, Montgomery, AL. Splunk Administrator assist with planning, designing, and implementing Splunk across multiple enterprise networks cluster implementations. If you are seeking an exciting place to work, please review the list of responsibilities and qualifications. If you don’t meet all the qualifications, a candidate may still be considered depending on your level of experience. As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity. For additional information on SMS, visit www.sms.com. Responsibilities

Duties and Responsibilities

: Assesses current Splunk implementations for each network and recommend changes to distributed deployments to include Indexer Clustering, Search Head Clustering, Forwarders, daily indexing, search volume, number of data sources, number of users, custom apps/dashboards/visualizations. Monitor, troubleshoot, and analyze overall health of Splunk infrastructure. Perform root cause analysis, recommend, and implement tactical and strategic solutions to problems. Develop, update and document Splunk architecture, and operational processes. Ability to automate global, multi-site solutions with Ansible, Python, and Bash scripting techniques. Working knowledge of Linux; general networking topics such as SSL, load balancing, routing protocols, firewall rules, and ability to support/interact with McAfee Endpoint Security System (ESS) for RHEL Document steps required to design/engineer Splunk systems for each network to include virtual/real IP address, Fully Qualified Domain Name (FQDN), DNS entries, Role Based Access Controls (RBAC), service accounts, web certificates, licenses, and physical/virtual location of each component. Candidate will oversee activities to include planning, researching, deploying, monitoring, upgrading, patching, and troubleshooting Splunk components spanning a large and complex environment. Ability to maintain valid system certificates, application certificates, F5 load balancing local traffic management (LTM) and two-factor authentication (2FA) within a smart card environment. Provide best practice recommendations: how to update/maintain/add new Data Models; Data Model Creation/Acceleration/Maintenance; Risk Based Alerting; Scaling of Correlation Searches Ability or experience in evaluating scan report data from Tenable Nessus; participate in the review and response phases of the Vulnerability Management

(VM) life cycle. Install and patch operating systems, applications, and document Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) checklists applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) network environment for all Splunk implementations. Assist in the Splunk system installation/maintenance of the baseline configuration files, custom security policies, ensure operational data integrity, and using vendor best practices for the Splunk systems and secure management across multiple unclassified and classified network locations supporting the interaction with Tenable products within Assured Compliance Assessment Solution (ACAS) including .SC (Security Center) and Nessus Scanner Manage or assist the processes related to onboarding users/projects, configuration audits, building data models, summary data reports, basic Search Processing Language (SPL), advanced search analytics. Ability to create Splunk network designs diagrams with Microsoft Visio (include specialty requirements) Identify, analyze, define, & coordinate user, client, and stakeholder needs and translate them into technical requirements. Support day-to-day technical communication systems and incident tickets in support of operations. Ensures networks receive periodic updates from AFCYBER-released software patches, updates, and upgrades via Time Compliance Technical Orders (TCTO), Time Compliance Network Orders (TCNO), Maintenance Tasking Order (MTO) and Notices to Airman (NOTAMs) Assist AF Cyber personnel with the DISA Information Assurance Vulnerability Management (IAVM) programs, cybersecurity toolsets, and Operation Order (OPORD)/Fragmentary Order (FRAGO) support. Ensures external networks receive inventory data for compliance data DoD Enterprise Logging Ingest, NiFi, and Cyber Situational Awareness Refinery (ELICSAR) Big Data Platform (BDP) Qualifications

Qualifications/Requirements

: Splunk Administrator must have a minimum of 3+ years of Splunk products experience and/or other enterprise monitoring tools experience interacting with 3rd party systems preferably in role(s) such as a system administrator, engineer, developer. Splunk experience with design, implementation and administration in a large-scale environment preferably overseeing daily, weekly, monthly functions and best practices. Experience with various log ingestion methods, new data onboarding and related products, such as Log Agents, syslog, dbConnect, Universal Forwarder Agent, HTTP Event Collector. Candidate should have 4+ years of years of hands-on experience in:

System Integrator and/or administrator for Splunk users, searches/reports, dashboards, systems, or 3rd party onboarding log data Windows OS, UNIX or Linux-based systems support with experience in mid-to-large data center environments and patch/update management. Demonstrated advanced diagnostics, analytical, troubleshooting skills.

Knowledge of data communications, local-area networking (LAN), wide-area networking (WAN), servers, routers, switches, and firewalls

Network (Layer 2, 3) LAN/WAN knowledge and switches/routers Thorough understanding of Internet Protocol (IP) routing, switching, and OSI model

The work performed in this position requires specialized technical certifications, minimal supervision, independent technical and operational decision-making, initiative in troubleshooting and implementing corrective actions, directing work of others, and sound judgment in risk analysis. Employee is subject to occasionally performing extended work week, involving after-hours or weekend support, to perform scheduled maintenance or service restoration. Ability to lift, rack and provision government furnished equipment (GFE) servers. Education

: Associate degree or higher in Computer Science or related technical discipline, or MIS related field is preferred but not mandatory. Relevant professional experience is acceptable. Splunk courses desired: Splunk Fundamentals 1, 2 or 3; Splunk Create Dashboards; Splunk Advanced Search/Report; Splunk Data Administration; Splunk System Administration; Splunk Enterprise Cluster Administration; Splunk Enterprise Troubleshooting; Splunk Advanced Dashboards/Visuals. Required Certification

: CompTIA Security+ ce (continuing education) or (ISC)² CISSP One Application Certification: Splunk Core Certified Power User or higher Microsoft 365 Certified: Identity and Security; Microsoft 365 Certified: Modern Desktop Administrator Associate; Microsoft 365 Certified: Azure Administrator Associate; Linux Foundation Certified System Administrator (LFCS); LPIC-1; or Linux+. Desired Certification(s)

: CompTIA

Linux+

or equivalent; Splunk Core Certified Advanced Power User; Splunk Enterprise Certified Admin or Splunk Enterprise Security Certified Admin; Splunk Enterprise Certified Architect or Splunk Certified Developer SMS is a veteran-owned network integrator established in 1976. With anemployee retention rate averaging over 5 years, our ability to hire quality people and retain them inarapidly evolving IT market proves why we are a world-class information technology company.At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices. As a result, SMS is proudto be ISO 9001:2008Registered and a CMMI Level 3 certifiedcompany, ensuring that we continue to meet and exceed the expectations ofour customers, partners and employees. Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr