Splunk AdministratorAnalyst

Job Title: Splunk Administrator/Analyst

Job Code: 36419

Job Location: USA-TX-San Antonio

Job Schedule: 5/8: Employees work 8 hours per day 5 days a week

Job Description:

• L3Harrisis currently searching for aSplunk Administrator/Analyst for ourSan Antonio TX Splunk Administrator/Analyst position requires an active Top Secret Clearance with SCI eligibility. Seeking an experienced Splunk Administrator to manage and maintain a distributed Splunk installation. The ideal candidate will have a strong background in event log management custom app creation and diagnostics with hands-on expertise in deploying and optimizing Splunk in both Microsoft Windows and Linux environments. The role will involve resolving technical issues improving system performance and ensuring the integrity and efficiency of the Splunk environment. Position allows for a certain degree of creativity and latitude and will report to the engineering site manager and operations manager. Position does not allow for any remote work.

Essential Functions:

• Provide Network Support services for a Department of Defense (DoD) Senior Leader Network exercising discretion and independent judgement when events or incidents occur to ensure corrective actions are captured and incidents resolved in an expedient manner.
• Architect configure deploy and customize an enterprise-level Splunk environment.
• Manage multi-site index clustering search head peers and universal and heavy forwarder deployments.
• Implement and maintain distributed Splunk installations including cluster master configuration and deployment server management.
• Add new data sources and perform complex data parsing including regular expressions index-time and search-time processing.
• Create custom Splunk apps including searches alerts dashboards custom JavaScript visualizations views and reports.
• Design and implement knowledge object and access control standards across the Splunk environment.
• Troubleshoot and resolve errors in the Splunk stack.
• Manage SSL certificates for Splunk traffic including creation renewal and configuration.
• Leverage advanced Splunk search language to query and correlate data from multiple sources.
• Migrate existing operational processes to Splunk for automation and efficiency.
• Document procedures and create Standard Operating Procedures (SOPs) for Splunk operations.
• Collaborate with the security team to improve visibility and incident response through effective Splunk integration.
• Maintain proficiency training based on prescribed and posted NETWORK training guidelines
• Provide Tier I/II engineering support to subscriber aircraft on live missions and serve as a point of entry for any RF field support and/or corrective maintenance actions

Qualifications:

• Bachelors Degree and minimum 4 years of prior relevant experience. Graduate Degree and a minimum of 2 years of prior related lieu of a degree minimum of 8 years of prior related experience.
• Must have aTop Secret clearancewith eligibility to SCI
• Sec required (The position aligns with 8140 compliance standards ensuring the candidate has the necessary expertise in security assessment and authorization federal information processing standards (FIPS) and risk management frameworks (RMF).

Preferred Additional Skills:

• Minimum of 2 years of hands-on experience in designing configuring and deploying Splunk in an enterprise environment.
• Splunk Certified Administrator.
• Experience with multi-site index clustering search head peers and forwarder deployments.
• Expertise in event log management data parsing and syslog data management.
• Skilled in creating custom Splunk apps dashboards and reports.
• Experience in managing SSL certificates for Splunk traffic.
• Proficient in using Splunks search language and troubleshooting tools.
• Experience with programming languages such as PowerShell Python Visual Basic or C.
• Strong understanding of security controls particularly in a federated environment.

#LI-SC3