Splunk Administrator - Washington - Conviso Inc.

    Conviso Inc.
    Conviso Inc. Washington

    1 week ago

    Description

    Key Responsibilities



    Splunk Platform Management:

    Install, configure, and maintain Splunk Enterprise, UBA, and SOAR in both on-premises and cloud/hybrid architectures; perform system upgrades, patching, and troubleshooting.

    Strong preference for any Oracle cloud experience.


    UBA and SOAR Optimization:

    Customize and fine-tune UBA models for behavioral analytics; configure playbooks, integrations, and automated actions within SOAR to accelerate threat response.

    Coordinate directly with on-prem/cloud infrastructure teams to maintain and deploy these modules.


    Security and Compliance:

    Implement and maintain Splunk best practices in accordance with defense agency security policies, compliance requirements, and data retention standards.

    Experience with STIGs mandatory.


    Incident Handling:
    Respond to incidents with appropriate logs and reports; proactively troubleshoot any log/analytic abnormalities.


    Collaboration & Agile Delivery:

    Work within Agile project teams, attending ceremonies (stand-ups, sprints, retrospectives) and using Jira for ticketing, backlog tracking, and documentation.

    Knowledge Sharing:


    Develop, update, and share technical documentation, standard operating procedures (SOPs), runbooks, and knowledge articles in alignment with agency practices. Work with many small, medium, and large teams to achieve agency and program objectives.


    Log Management and Analysis:

    Aggregate and parse logs from diverse data sources; develop and maintain dashboards, reports, alerts, and custom searches to surface actionable intelligence.


    Technical Skills:
    Proficient in deploying and managing Splunk Enterprise, UBA, SOAR, and other Splunk modules.

    Comfortable with scripting (e.g., Python, Bash) for automation and data manipulation.

    Experience in designing and tuning Splunk searches, dashboards, alerts, and CIM compliance.

    Familiarity with log sources common to defense/enterprise networks (Windows, Linux, network appliances, security devices).

    Working knowledge of Jira for workflow management and Agile methodologies for project delivery.


    Key Attributes and Soft Skills:

    Must be able to work as a team member in a matrixed organization.

    Strong analytical and problem-solving skills; detail-oriented with a focus on operational excellence.

    Skilled communicator, able to collaborate with IT, cybersecurity, and mission teams in written and verbal communications with a positive attitude and customer-first approach.

    Proactive learner—stays current on Splunk and security operations best practices.
