Splunk Master with Security Clearance

Washington, Washington DC

Base One Technologies
Required Education/Experience
BS degree in Science, Technology, Engineering, Math or a related field and 12 - 15 years of prior relevant experience with a focus on cyber security, or a Master's degree with 10 - 13 years of prior relevant experience.

Required Security Clearance: Active TS/SCI
Primary Responsibilities

• Conceptualize, Design, Build, and Maintain current and future NOSC supported tools and platforms.

• Manage multiple assignments, changing priorities, and work independently with little oversight.

• Provide direct support for onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP and modular inputs from sources such as FireEye, BlueCoat proxies, Big IP, Cisco, Palo Alto, host syslogs, etc.

• Provide support and guidance, and develop processes to evaluate and improve operating systems, hardware, software and firmware solutions, and advise on future purchases of the same.

• Create, manage, and support automation solutions for Splunk deployment and orchestration within a Cloud environment.

• Work closely with senior engineers, other team members and application owners to solve technical problems at the network, system and application levels.

• Conduct periodic architectural reviews of installed sensors to assess effectiveness and propose optimal installation alternatives as required.

• Conduct network security architecture reviews to determine the size and placement of intrusion monitoring equipment during the customer onboarding process.

• Documentation and reporting, along with presentation, teamwork and DHS-wide collaboration, are among the expected duties and mission of the task order.

• Build, implement and administer Splunk in Windows and Linux environments.

Basic Qualifications

• Requires a BS degree and 12 years of experience in system administration, database administration, network engineering, software engineering, and/or software development, with a concentration in cybersecurity.

• At least eight (8) years of experience with Splunk in distributed deployments

• Proficiency managing Splunk using the Splunk command-line interface

• Proficiency managing Splunk using configuration files

• Experience onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP and modular inputs from a variety of sources.

• Proficiency onboarding data using Splunk developed add-ons for Windows, Linux, and common third-party devices and applications

• Experience collaborating with separate engineering teams to configure data sources for Splunk integration

• 7+ years of experience in Linux, Windows and SQL/ODBC interfaces

• Proficiency implementing and onboarding data in Splunk DB Connect

• 4+ years of experience in application interface development using REST APIs

• Experience with Splunk performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting

• Experience developing XML, Bash, JavaScript, Python, Perl and PowerShell scripts

• General networking and security troubleshooting (firewalls, routing, NAT, etc.)

• Splunk architecture/design, implementation, and troubleshooting experience

• Experience managing, maintaining, and administering multi-site indexer clusters

• Scripting and development skills (Bash, Python, or Java) with strong knowledge of regular expressions

• Proficiency developing log ingestion and aggregation strategies per Splunk best practices

• Proficiency normalizing data to Splunk Common Information Model (CIM)

• Experience implementing and optimizing Splunk data models

• Expertise developing security-focused content for Splunk, including creation of complex threat detection logic and operational dashboards

• Perform integration activities to configure, connect, and pull data with 3rd party software APIs.

• Ability to autonomously prioritize and successfully deliver across a portfolio of projects

• Undertakes day-to-day operational and user support

• Department of Homeland Security ESOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.

Must Have One of the Following J3 Certifications
SANS: GCWN - Windows Security Administrator, GISF - Security Fundamentals, GSSP - Secure Software Programmer, GICSP - Cyber Security Professional
Carnegie Mellon University: SEI (Software Engineering Institute)
ISC2: CCSP - Certified Cloud Security Professional, CISSP - Certified Information Systems Security Professional, CSSLP - Certified Secure Software Lifecycle Professional, SSCP - Systems Security Certified Practitioner
CISCO: CCNP, CCIE Security
EC-Council: ECSP - EC-Council certified Secure Programmer
Microsoft: MCSE - Microsoft Certified Solutions Expert
RedHat: RHCA, RHCE
VMWare: VCA (Certified Associate), VCP (Certified Professional), VCAP (Certified Advanced Professional), VCIX (Implementation Expert), VCDX (Certified Design Expert)
NetApp: Converged Infrastructure Specialist, Certified Implementation Engineer Specialist, Certified Data Administrator Professional, Certified Storage Associate
Date Posted: 14 May 2024