Provide enterprise administration of the current DoD Splunk environment, including but not limited to Linux platform administration, dashboard creation, and architecture enhancements needed in a dynamic environment. The candidate must understand how to evaluate, maintain, and sustain the current SIEM-related tools, with a possible transition to Elastic. The candidate must have strong communication skills, work in a team environment (including mentoring more junior team members), and understand both server back-end and application front-end configurations.
Principal Duties and Responsibilities (*Essential functions)
Install, configure, maintain, tune, and support a clustered Splunk Enterprise 7.x/8.x environment on RHEL (Red Hat Enterprise Linux) servers.
Tune and optimize systems and data sources to better align Splunk license usage with the organization’s strategic goals.
Standardize and implement Splunk component deployment, configuration, and maintenance on Linux and Windows platforms.
Troubleshoot configuration issues utilizing tools such as btool and the Monitoring Console.
Develop dashboards and applications with custom JavaScript, HTML and CSS features to fulfill dynamic organizational requirements with visual metrics for stakeholders.
Onboard new data sources, parse, and extract relevant data while also monitoring license usage.
Plan, test, & resolve issues with Splunk Enterprise within production environment.
Create data retention policies and perform index administration, maintenance, and optimization.
Complete/Maintain STIG configuration checklists of Splunk Infrastructure to support RMF Security Control Assessor - Validator (SCA-V).
Configure Splunk infrastructure to utilize trusted DoD certificates for all communication.
Create reports & lookups in Splunk using database queries, such as SQL, within DB Connect.
Normalize and validate data using the Common Information Model (CIM) across multiple indexes and source types.
Work with AvMC CIO/G6 teams to identify inefficiencies in current monitoring services, propose and implement changes to streamline alerts or automate remediations.
Develop Python scripts to read input files and edit XML data for export, as needed.
Leverage the Splunk Enterprise SDK for Python to develop Python programs for custom Splunk SPL commands.
At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!” Learn about our employee-centric culture and benefits here (https://www.colsa.com/culture_benefits/) .
Required Skills / Required Experience
Master's degree in related field, or the equivalent experience
Minimum of 10 years work related experience
Deviation from education and/or degree requirements, as defined by contract, requires approval from CO
Demonstrated experience with Splunk
Must be able to obtain Security+CE within 6 months of hire
U.S. Citizenship required; must be able to obtain/maintain a DoD Secret clearance
Working experience within DoD Environment
Working knowledge of hardening OS and applications with DISA STIGs
Strong Communication Skills
Preferred Qualifications
Active DoD Secret clearance
Security+ CE
Knowledge of scripting languages for automation.
Understanding of application performance concepts, VMware, Linux and Windows operating systems, and network infrastructure concepts.
Working knowledge of Elasticsearch.
Hands-on Linux system administration
Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.