Splunk Administrator

Job Title: Splunk Administrator

Location: Northern Virginia

Department: Cyber Security Services

Reports To: Management

FLSA Status: Full Time/Non-exempt

Apavo is at the forefront of cybersecurity providing services to military defense and critical infrastructure industries. Joining the Apavo team means becoming part of a company rooted in the principles of quality and communication. We value positive candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to a work-life balance and fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive environment Apavo is the place for you

Overview

To be successful in this position you need to be collaborative and willing to work within a team. While you will need to be a self-starter completing tasks on your own working together is critical in this role. You will be interfacing with the government and senior staff. Therefore you should be articulate in your communications because your opinion matters. You will need to explain technical intricacies in a way that is easily understood.

Job Purpose:

The Splunk Administrator supports the organizations Splunk infrastructure ensuring its stability performance and security compliance. The Splunk Admin will support a critical mission within the Department of the role as a Splunk Admin you are expected to design implement and maintain the Splunk environment proactively identifying and resolving issues onboarding new data sources and creating insightful dashboards and reports.

The Splunk Admin is expected to be a collaborative member of the RMF program of the organization to provide intelligent input to system security architectures in order to align with RMF principles and guidelines. This includes ensuring to guide the RMF process so that security controls are integrated seamlessly into system designs to provide comprehensive protection and conduct system level auditing and continuous monitoring against threats and vulnerabilities.

To be successful in this position you need to be collaborative and able to lead a team. You will need to be a self-starter completing your tasks on your own while supervising the tasks of others on shift. Working together is critical in this role. You will be interfacing with the Government and senior staff. Therefore you should be articulate in your communications because your opinion matters. You will need to explain technical intricacies in a way that is easily understood.

Duties & Responsibilities:

Splunk Administrator responsibilities include but are not limited to:

• Provide expertise as it relates to Splunk implementations. Recommend and support changes to Splunk deployments.
• Support Indexer Clustering Search Head Clustering and Forwarders.
• Monitor troubleshoot and analyze overall health of Splunk infrastructure to include daily indexing volume search volume and performance data source reporting user activity reporting and custom apps/dashboards/visualizations.
• Perform root cause analysis on any issues with recommendations. Implement tactical and strategic solutions to problems.
• Develop manage and maintain documents supporting Splunk architecture and operational processes.
• Data on-boarding techniques such as syslog DB Connect (dbConnect) Universal Forwarder (UF) HTTP Event Collector (HEC) and custom scripting.
• Express a working knowledge of Linux to include use cases supporting patching SSL toolset capacity planning routing protocols and firewall rules.
• SPL/Dashboard experience in support of user analytics systems performance security and environmental health.
• Knowledge of Splunk DataModels and their management to include implementation tuning and data normalization.
• Familiarity with Defense Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) checklists applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet SIPRNet) network environment for all Splunk implementations.
• Implement/create report dashboard designs automated custom email report notifications report log data repositories for each environment that are specific to the following audiences: Leadership & Executives; Cybersecurity Staff; and System Administrators.
• Identify analyze define & coordinate user client and stakeholder needs and translate them into technical requirements.
• Support day-to-day technical communication systems and incident tickets in support of operations.

The Splunk Administrator is expected to have additional duties as assigned in support of corporate cyber security services. Additional details are reviewed in accordance with company policies.

Qualifications

• 5 years of overall demonstrated experience in cybersecurity information assurance or computer science.
• Minimum 5 years of experience with Splunk.
• DoD Top Secret Clearance with SCI/ SAP eligibility is required.
• Bachelors degree from an accredited institution in cybersecurity information assurance computer science or a related technical discipline or the equivalent work experience.
• DoD 8570.01-M Information Assurance Technical (IAT) Level II
• Computing Environment/Operating System (CE/OS) - Linux
• Strong customer service experience as this position will require candidate to engage with government leadership.
• Ability to present ideas clearly through briefings meetings and interaction with leadership of different skill sets.
• Ability to work under time constraints and adapt to changes in requirements and new projects.
• Ability to maintain and upgrade certifications.
• Ability to assimilate information rapidly motivated to self-study new requirements.
• Maintain current industry knowledge of relevant concepts practices and procedures.
• Excellent communication and documentation skills with strong organizational and collaborative skills.
• Strong teamwork and engagement as a project team member.
• Splunk Certified Admin/Architect preferred.
• Strong understanding of Indexer Clustering and Search Head Clustering.
• Experience troubleshooting KV store and indexer cluster issues.
• Knowledge of Splunk DataModels and their management to include implementation tuning and CIM data normalization.
• Experience with deploying and maintaining Splunk Enterprise Security.
• Experience with deploying and maintaining Cribl Stream.
• SPL/Dashboard experience in support of user analytics systems performance security and environmental health.
• Expert-level experience onboarding complex data sources into Splunk via multiple ingestion methods (Universal Forwarders Heavy Forwarders HEC syslog REST APIs etc.).
• Familiarity with Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) checklists applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet SIPRNet) network environment for all Splunk implementations.
• Develop manage and maintain documents supporting Splunk architecture and operational processes.
• Express a working knowledge of Linux to include use cases supporting patching SSL toolset capacity planning routing protocols and firewall rules.

Candidates with Unix experience are strongly encouraged to apply as familiarity with Unix-based systems supports many of the core administrative tasks required for managing and optimizing Splunk environments.

Education

Associate degree from an accredited institution in cybersecurity information assurance computer science or a related technical discipline or the equivalent work experience.

Experience:

5-10 years of overall demonstrated experience in cybersecurity information assurance or computer science.

Certification requirements:

DoD 8570.01-M Information Assurance Technical (IAT) Level II

Computing Environment/Operating System (CE/OS) - Linux

Must Have:

Strong customer service experience as this position will require candidate to engage with government leadership.

Ability to present ideas clearly through briefings meetings and interaction with leadership of different skill sets.

Ability to work under time constraints and adapt to changes in requirements and new projects.

Ability to maintain and upgrade certifications.

Ability to assimilate information rapidly motivated to self-study new requirements.

Maintain current industry knowledge of relevant concepts practices and procedures.

Excellent communication and documentation skills with strong organizational and collaborative skills.

Strong teamwork and engagement as a project team member.

Security clearance:

DoD Top Secret Clearance with SCI/ SAP eligibility is required.

Other:

This is typical office or administrative work and there is no exposure to adverse environmental conditions.

This position requires sedentary work. Sedentary work is defined as: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift carry push pull or otherwise move objects including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.

Apavo Corporation provides equal employment opportunities to all applicants and employees and strictly prohibits any type of harassment or discrimination in regards to race religion age color sex disability status national origin genetics sexual orientation protected veteran status gender expression gender identity or any other characteristic protected under federal state and/or local laws.

Consistent with the Americans with Disabilities Act (ADA) it is the policy of Apavo Corporation to provide reasonable accommodation when requested by a qualified applicant or employee with a disability unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment including the application process. If reasonable accommodation is needed please contact Apavo Human Resources at or .

Employment with Apavo Corporation is on an at-will basis meaning either you or the Company can terminate the employment relationship at any time for any or no reason and with or without cause or notice. As an at-will employee your employment with Apavo Corporation is not guaranteed for any length of time.