Splunk Cybersecurity SME

About The Position

Requirements

• 5+ Years of Splunk Experience Required
• Experience with Splunk deployment and configuration management in large-scale environments
• Proficiency in writing complex Splunk queries, dashboards, and alerts using SPL (Search Processing Language)
• Experience with REST APIs for Splunk and external system integration
• Ability to analyze and troubleshoot complex data ingestion and parsing issues
• Self-starter with a service-oriented mindset who will take action, find ways to solve problems, and move projects to conclusion independently
• Strong problem-solving skills and the ability to translate research insights into practical solutions that address real-world challenges.
• Strong communication and collaboration skills with the ability to articulate complex technical concepts to both technical and non-technical audiences.
• Experience in mentoring and guiding junior researchers or team members
• Ability to obtain and maintain a Public Trust clearance and successfully pass a thorough Government background screening process requiring the completion of detailed forms and fingerprinting
• This position has a U.S. residency requirement. The USPS security clearance process requires the selected candidate to have resided in the U.S. (including U.S. Territories) for the last five years as follows: U.S. Citizens cannot have left the U.S. (including U.S. Territories) for longer than 6 months consecutively in the last 3 years (unless they meet certain exceptions). Non-U.S. Citizens cannot have left the U.S. (including U.S. Territories) for longer than 90 days consecutively in the last 3 years.

Nice To Haves

• Ability to leverage the Splunk AI Assistant and other AI tools to increase accuracy and efficiency of task and other deliverables
• Advanced knowledge of Unix/Linux and/or Windows systems administration and troubleshooting
• Strong scripting skills in Bash, Python, JavaScript, SQL and PowerShell for automation and integration tasks
• Experience with Splunk upgrades, patching, and performance tuning
• Proficiency in integrating Splunk with cloud platforms (AWS, GCP, Azure)
• Understanding of security and compliance requirements and implementation of role-based access controls (RBAC) in Splunk
• Strong knowledge of logging standards and best practices across application and infrastructure layers
• Extensive knowledge of defense-in-depth principles, Network and Security architecture, network topology, IT device integrity, and common security elements.
• Executes new projects as well as data and user onboarding
• Strong understanding of IT and Cyber industry standards and technologies to include such controls governed by NIST, FISMA, and FedRamp
• Experience installing and utilizing and developing with the Splunk App for Data Science and Deep Learning.
• Experience installing and utilizing and developing with the Splunk SOAR Automation toolset
• Experience or background in the Cybersecurity, Systems/Network Administration or Observability industry

Responsibilities

• Responsible for designing, deploying, and maintaining on-premises and cloud based Splunk environments to support enterprise-level monitoring, alerting, and reporting
• Deep expertise in Splunk system architecture, design, implementation, configuration and operational support in a hybrid on-prem Unix/Linux and cloud-based environment
• Collaborate across DevOps, Security, and IT teams to optimize performance, ensure data integrity, system availability and support mission-critical operations
• Hands-on experience with a large enterprise wide Splunk environment is mandatory
• Off-hours and weekend efforts for systems maintenance, upgrades and support may be required from time to time
• Manages knowledge objects (fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, and so on) – through automations, scripting, management server functions; to include .conf and .cfg files in scope of the last four Splunk Enterprise versions
• Designing and developing an automations workflow and dashboard interface for such

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. Paid leave and paid holidays are prorated based on the employee’s date of hire.
• The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.