HHS Sr. Splunk Engineer Administrator

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: 3 days ago

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Sr. Splunk Engineer / Administrator to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Information Technology Cybersecurity Computer Science or related field.
Minimum of 8 years of experience administering enterprise SIEM and logging platforms.
Extensive hands-on experience with Splunk Core and Splunk Enterprise Security.
Strong understanding of log management event correlation detection engineering and threat analytics.
Experience supporting federal cybersecurity environments and compliance requirements.
Knowledge of NIST SP 800-53 NIST SP 800-92 FISMA and OMB logging mandates.
Experience integrating SIEM with cloud platforms (AWS Azure) and security tools.
Active Splunk Certified Architect or Administrator
CISSP GCIA GCED or GCIH (preferred).

Duties:

Administer and engineer a complex hybrid Splunk environment supporting on-premises IaaS PaaS SaaS and multi-cloud platforms.
Ensure logging and SIEM operations comply with OMB M-21-31 logging requirements including log categories retention and visibility.
Design implement and maintain Splunk Core and Splunk Enterprise Security configurations.
Perform data onboarding parsing normalization and indexing optimization for diverse log sources.
Develop tune and maintain correlation searches detections dashboards and alerts to support SOC operations.
Integrate Splunk with HRSA cybersecurity tools including EDR vulnerability management SOAR cloud platforms and threat intelligence feeds.
Monitor SIEM performance including ingestion rates indexing efficiency search latency and storage utilization.
Optimize searches data models accelerated reports and summary indexing to improve performance.
Develop and maintain Splunk apps add-ons and custom knowledge objects.
Support users and stakeholders by providing ad hoc searches reports and dashboards.
Implement SIEM changes following HRSA change management procedures with documented implementation and rollback plans.
Patch upgrade and maintain Splunk infrastructure in accordance with HHS and HRSA standards.
Develop and maintain SIEM SOPs workflows architecture diagrams and technical documentation.
Support audits and assessments by producing logging evidence compliance dashboards and audit-ready reports.
Maintain SLA of responding to SIEM-related service requests within two (2) business days.

Required Experience:

Senior IC

Bachelors degree in Information Technology Cybersecurity Computer Science or related field.
Minimum of 8 years of experience administering enterprise SIEM and logging platforms.
Extensive hands-on experience with Splunk Core and Splunk Enterprise Security.
Strong understanding of log management event correlation detection engineering and threat analytics.
Experience supporting federal cybersecurity environments and compliance requirements.
Knowledge of NIST SP 800-53 NIST SP 800-92 FISMA and OMB logging mandates.
Experience integrating SIEM with cloud platforms (AWS Azure) and security tools.
Active Splunk Certified Architect or Administrator
CISSP GCIA GCED or GCIH (preferred).

Duties:

Administer and engineer a complex hybrid Splunk environment supporting on-premises IaaS PaaS SaaS and multi-cloud platforms.
Ensure logging and SIEM operations comply with OMB M-21-31 logging requirements including log categories retention and visibility.
Design implement and maintain Splunk Core and Splunk Enterprise Security configurations.
Perform data onboarding parsing normalization and indexing optimization for diverse log sources.
Develop tune and maintain correlation searches detections dashboards and alerts to support SOC operations.
Integrate Splunk with HRSA cybersecurity tools including EDR vulnerability management SOAR cloud platforms and threat intelligence feeds.
Monitor SIEM performance including ingestion rates indexing efficiency search latency and storage utilization.
Optimize searches data models accelerated reports and summary indexing to improve performance.
Develop and maintain Splunk apps add-ons and custom knowledge objects.
Support users and stakeholders by providing ad hoc searches reports and dashboards.
Implement SIEM changes following HRSA change management procedures with documented implementation and rollback plans.
Patch upgrade and maintain Splunk infrastructure in accordance with HHS and HRSA standards.
Develop and maintain SIEM SOPs workflows architecture diagrams and technical documentation.
Support audits and assessments by producing logging evidence compliance dashboards and audit-ready reports.
Maintain SLA of responding to SIEM-related service requests within two (2) business days.