Splunk Administrator
Company: Resource Informatics Group
Location: Culpeper, VA 22701
Description:
Title: Splunk Administrator
Location: United States - Culpeper (1621 McDevitt Dr, VA 22701 Culpeper, United States) Hybrid
Role responsibilities:
Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources.
Develop and implement strategies to normalize current and future log data, making it consistent and usable for analysis.
Assess existing Splunk data feeds and implement changes to improve overall SIEM health and align with best practices.
Diagnose and resolve issues related to log ingestion and normalization.
Administration & Support
Provide operations and maintenance support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers.
Build, implement, and administer Splunk in Linux environments.
Work with existing and custom Splunk applications and add-ons to fulfil customer needs.
Edit and maintain Splunk configuration files and apps.
Maintain comprehensive documentation of log onboarding and normalization processes.
Support security operational teams.
Required qualifications:
Experience with Splunk Enterprise hands-on Engineering & Administration: deployment, troubleshooting, onboarding data, and maintenance in a clustered environment
Proficiency in SPL
Experience implementing CIM compliance and optimizing Splunk data models