Cyber Data Analytics Engineer

Beltsville, MD

This position will work a rotating hybrid schedule in Beltsville, MD:

  • Week 1: 2 days onsite, 3 days remote
  • Week 2: 3 days onsite, 2 days remote

Responsibilities:

  • Manage the administration of a growing 15 TB/day on-premises Splunk deployment, including both operating system and application aspects.
  • Integrate new data sources and technologies into Splunk Enterprise using the Common Information Model (CIM).
  • Onboard data by directly editing Splunk configuration files, utilizing RegEx skills as needed.
  • Troubleshoot log feeds by effectively communicating with external departments in an enterprise environment.
  • Apply upgrades and patches as necessary to maintain system security and compliance.
  • Assist cyber analysts in solving complex big data search processing challenges using expert SPL knowledge.
  • Support Splunk Enterprise Security and Ansible.
  • The position will require several days per week working onsite in Beltsville, MD.

Basic Qualifications:

  • Requires a Bachelor’s Degree and at least 9 years of experience in IT. Master’s in Data Analytics preferred.
  • US Citizenship with a Secret clearance and with the ability to obtain a Top Secret clearance.
  • Must be able to work a hybrid schedule.
  • Hands-on experience with Unix in a STIG environment.
  • Proficiency in working with bash prompts, including editing configuration files and performing troubleshooting analysis with TCPDump.
  • Prior Tier-1 Administrator experience, including familiarity with network protocols such as DNS, DHCP, LDAP, SSH, SMTP, etc.
  • At least 3 years of hands-on Splunk Administration experience in a multi-indexer search head cluster environment.
  • Understanding of security-centric data sets.
  • Familiarity with cloud computing and experience working in a cloud environment.
  • Proficiency in Python, SQL, Bash, and PowerShell.
  • Must have one of the following certifications: CASP+ CE, CCNP, CEH, CFR, CHFI, CISA, CISSP, Cloud+, CND, CySA+, GCED, GCIH, GICSP, or SSCP, or the ability to obtain one before the start date.
