Splunk Administrator

Spektrum supports apex purchasers (NATO UN EU and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services specialised aerospace and defence sales delivery and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATOs member countries and its partners. The agency was established in 2012 and is headquartered in Brussels Belgium.

The NCIA provides a wide range of services including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATOs communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATOs military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATOs mission to detect deny and defeat threats to its communication networks.
• Information Management: The NCIA manages NATOs information technology infrastructure including its databases applications and servers.

Overall the NCIA plays a critical role in ensuring the security and effectiveness of NATOs communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATOs principal C3 capability deliverer and CIS service provider. It provides maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV and when required stand together in the face of attack under Article V.

To provide these critical services in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorises: NATO International Civilians (NIC)s Military (Mil) and Interim Workforce Consultants (IWC)s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role ID 2026-0025

Role Duties and Responsibilities

• Management of Splunk components deployed within 50 T3 enclaves across high-side and low-side networks.
• Operation and maintenance of a T2 SIEM environment composed of 80 Linux servers (virtual and physical).
• Administration of the full Splunk software stack including:
• Splunk Enterprise
• Splunk Enterprise Security
• Splunk SOAR
• Splunk UBA
• Management of Splunk deployments across more than 350 servers spanning T2 and T3 environments.
• Implementation and operation of fully automated deployment and configuration mechanisms based on Ansible and Git.
• Collection of logs from more than 20000 endpoints appliances and cloud-based solutions.
• Ensuring end-to-end log lifecycle management including:
• Data collection and ingestion
• Parsing and normalization
• Storage and retention
• Categorization and enrichment
• Monitoring of data flows and data quality
• Support and integration of new data sources into the T2 Splunk environment including:
• Project-driven onboarding
• Continuous log collection improvements
• Customer-driven requests
• Coordination with customers for the deployment and configuration of devices hosting log sources including:
• Acting as the technical point of contact for log collection setup
• Supporting customers during the configuration of endpoints appliances and other log sources
• Ensuring proper follow-up with customers until log sources are correctly configured and successfully integrated into the Splunk platform
• Clarifying that endpoints appliances and other log sources are configured by the customer with technical guidance and support provided by the SIEM engineer
• Configuration and management of Splunk components hosted on Linux servers within T2 and T3 environments.
• Execution of system-level activities requiring privileged access including but not limited to:
• Syslog server configuration
• SELinux configuration
• Other OS-level configurations necessary for proper Splunk operation
• Coordination with the entity responsible for Linux operating system management where responsibilities overlap.
• Ensuring that Splunk Enterprise Security is properly configured operational and functioning as intended.
• Verification that correlation rules are correctly deployed and operate reliably.
• Ensuring the overall quality stability and reliability of SIEM services delivered to security analysts.
• Continuous monitoring of platform health and service performance.
• Ongoing maintenance and optimization of SIEM and log collection services.
• Support for continuous improvements in log coverage data quality and platform efficiency.
• Technical support related to SIEM platform usage and data ingestion (excluding security analysis and rule creation).
• Definition maintenance and continuous improvement of operational processes related to SIEM and log collection services.
• Development and upkeep of technical and operational documentation covering:
• Platform architecture and deployment models
• Configuration standards and automation workflows
• Log collection onboarding and data management procedures
• Operational runbooks and troubleshooting guides
• Ensuring documentation remains accurate up to date and aligned with the actual state of the environments.
• Support to process formalization and knowledge transfer activities in coordination with relevant stakeholders.
• Complying with all applicable internal processes including but not limited to Change Requests (CRs) administrative tasks and technical and operational workflows.
• Management of user access to the Splunk platform including the creation modification and removal of user accounts and roles in accordance with defined access control policies.
• Administration of permissions and role-based access controls within Splunk to ensure appropriate and secure access to data and platform features.
• Support to users for issues related to their use of the Splunk platform including:
• Access and authentication issues
• Platform usage and functional questions
• Troubleshooting of Splunk-related user issues
• Coordination with relevant stakeholders to resolve user-reported issues where required.

Essential Skills Experience and Certifications

• Expert Splunk Administrator (Minimum 2 years of experience working on complex & distributed environments)
• Distributed Architecture: Proven experience managing and scaling complex Splunk environments including Indexer Clustering Search Head Clustering and multi-site deployments.
• Advanced Management: Deep knowledge of Splunk configuration files data lifecycle management and managing large-scale deployments via Deployment Servers.
• Critical Distinction: Proposed team members have to specifically be Splunk Administrators. Proposals with team members whose experience is primarily as a Security Analysts (end-user of the UI/investigating alerts) will not be considered.
• Minimum 2 years of hands-on experience in a Linux environment with a proven track record in:
• CLI & System Navigation: Advanced command-line operations file system management and permissions (UID/GID ACLs).
• Service Management: Demonstrated ability to independently install configure and troubleshoot application services (specifically Splunk) on Linux-based servers.
• Technical Scope: Focus is on application-level deployment; hardware configuration and kernel-level patching are excluded from the minimum requirements
• Practical Networking & IT Security Knowledge
• Networking Fundamentals: Solid understanding of core protocols specifically: DNS HTTP(S) SSH syslog TCP/IP and TLS/SSL.
• Security Mindset: Strong grasp of IT security principles including:
• Log integrity
• Encryption in transit
• Role-Based Access Control (RBAC)
• Practical Automation & Programming Knowledge
• Infrastructure Automation: Demonstrated ability to create and execute Ansible playbooks for automated infrastructure and configuration management.
• Scripting & Development: Proven ability to write and maintain functional scripts in Python and Bash for data processing or task automation.
• Version Control: Proficiency in using GitHub (or similar Git-based tools) for configuration management including branching committing and merging code.

Working Location

• Mons Belgium

Working Policy

• On-site

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance