Splunk Administrator

Job Locations: US-Remote
ID: 2025-1687
Category: Information Technology
Type: Regular Full-Time

Overview

Responsible for providing support to the PMW 220 Information System Security Officer or Manager (ISSO/ISSM) for Risk Management Framework (RMF) implementation and continuous monitoring. Provides assistance with and guidance on the deployment, use and administration of cybersecurity operations tools, e.g. Security Information and Event Management (SIEM) tools such as Splunk, as required within the PMW 220 portfolio and commercial and private cloud hosting environments, to ensure that the controls within the security controls baseline are in place and functioning as intended to protect Navy data. The candidate will work with the PMW 220 Audit Readiness Section as necessary to coordinate the identification and remediation of cybersecurity control weaknesses with financial audit impacts.

Responsibilities

The ideal candidate will have 3 to 5 years of experience working in a cybersecurity operations environment maintaining the security of enterprise level systems.

The ideal candidate will have 3 to 5 years of experience working as a Linux Systems Administrator.

The candidate must have 3 to 5 years of experience working as a Splunk Administrator in a large enterprise environment.

The candidate must have 3 to 5 years of experience deploying and maintaining 2-Tier and 3-Tier applications.

The candidate must have familiarity with SIEM tools, vulnerability scanning tools, monitoring tools and automated security assessment tools.

The candidate must have either a certification in Linux (i.e., CompTIA's Linux+) or an online/formal training completion certificate in Linux to meet CSWF requirements (i.e., a vendor course for preparation in obtaining a CompTIA Linux+ certification).

The candidate must be certified to meet IAT Level 1 CSWF requirements (i.e., ISC2's CISSP).

SECRET security clearance with favorably adjudicated T5 background investigation.

 

Qualifications

  • The candidate must have the knowledge, skills and abilities required to:
    • Assess system compliance with DISA Application Security STIG(s).
    • Justify reasons STIG configurations cannot be implemented.
    • Document mitigating factors for non-compliant STIG configurations.
    • Develop Plan of Actions and Milestones (POA&M) related to remediation and/or mitigation of vulnerabilities.
    • Implement Splunk Enterprise Security in a large enterprise environment.
    • Deploy Splunk Universal Forwarders to collect Linux, Windows, Database, AWS, and other application events and forward to Splunk Indexers.
    • Deploy Splunk apps.
    • Write Splunk scripts for event filtering.
    • Perform Splunk Enterprise Data Administration.
    • Install, upgrade and patch applications.
    • Work with operating system administrators in support of application agent custom installation requirements and troubleshooting.
    • Troubleshoot issues with applications in a complex network environment (i.e., cloud).
    • Understand TCP/IP (IPv4, IPv6) along with related protocols (HTTP, FTP, SSH, NFS, etc.).
    • Maintain documentation of processes, procedures and configurations related to maintaining applications.
    • Communicate effectively in writing and verbally.
    • Work effectively independently and as part of a group.
    • Develop concise, realistic and executable implementation schedules, project plans and system assessment plans.
    • Track POA&M items and provide status updates.
  • The ideal candidate will have the knowledge, skills and abilities required to:
    • Write scripts (bash, shell, Perl, Python, etc.).
    • Write regular expressions.
  • The ideal candidate will have Operating System (OS) Administration experience (3 to 5 years).
  • The ideal candidate will have hands-on IT experience to include server build, LDAP, and an understanding of encryption algorithms and PKI authentication implementation.

The ideal candidate will have extensive hands-on experience installing, configuring and administering the Splunk Enterprise Security App.

Pay Range

150-200k
