
Splunk Administrator

Company:
Resource Informatics Group
Location:
Culpeper, VA, 22701
Posted:
May 10, 2025

Description:

Title: Splunk Administrator

Location: United States - Culpeper (1621 McDevitt Dr, VA 22701 Culpeper, United States) Hybrid

Role responsibilities:

• Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources.

• Develop and implement strategies to normalize current and future log data, making it consistent and usable for analysis.

• Assess existing Splunk data feeds and implement changes to improve overall SIEM health and align with best practices.

• Diagnose and resolve issues related to log ingestion and normalization.

Administration & Support

• Provide operations and maintenance support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers.

• Build, implement, and administer Splunk in Linux environments.

• Work with existing and custom Splunk applications and add-ons to fulfil customer needs.

• Edit and maintain Splunk configuration files and apps.

• Maintain comprehensive documentation of log onboarding and normalization processes.

• Support security operational teams.

Required qualifications:

• Experience with Splunk Enterprise hands-on Engineering & Administration: deployment, troubleshooting, onboarding data, and maintenance in a clustered environment.

• Proficiency in SPL.

• Experience implementing CIM compliance and optimizing Splunk data models.
