Enterprise Computer Solutions (EntComps) is looking for smart, creative individuals interested in helping grow something truly unique in our markets. While the ideal candidate is great at independently getting their work done, they are at the same time a team player who readily and proactively contributes to team activities, to the consistent satisfaction of both the team and the client. At EntComps, you are seen as an expert in the work that you do and are capable of leading specific initiatives within the team with little to no guidance.
We are currently looking for a Splunk System Administrator.
Position Description:
The Systems Administrator will support the federal agency’s Cyber Data Lake and SIEM implementation of SPLUNK. The Splunk Systems Admin will control all role-based access controls (RBAC), following established procedures to add and remove users from established roles and security groups. The Splunk Systems Administrator will also recommend and implement all system patching and upgrades required to support the Cyber Data Lake, coordinating with other agency organizations and following agency Configuration Management processes.
Responsibilities:
· Manage Role Based Access Control (RBAC) for all system users.
· Lead system updates and patches for Cyber Data Lake system components. Manage and maintain the Splunk Enterprise components to include installation, configuration, adherence to configuration compliance requirements, patching and maintenance, system tuning, and documentation updates.
· Monitor system (sometimes after hours) to provide technical support for customer system integrations.
· Provide monthly user system use reports (e.g., user queries, searches, etc.) to support compliance and internal review.
· Provide extensive data logs to support cyber investigations, sourced from various components within the agency.
· Support Splunk Alert creation and monitoring.
· Provide user-level external access to the other agencies upon request.
· Develop, update, recommend, incorporate, and maintain enhancements to user, administration, and operations documentation, including but not limited to standard operating procedures (SOPs), job aids, application checklists, guidance documents, and templates.
· Provide standby, on-call, US-based technical support during non-core operational support hours to triage ingestion issues and address service-impacting problems. The agency estimates actual off-business-hour events to be rare (less than 1 per month).
· Report critical events within one hour of discovery. Contractor personnel must work with Department personnel and other Contractor teams to quickly respond to and resolve all incidents.
· Provide FOIA and eDiscovery search and documentation assistance.
Required Qualifications:
· 5+ years of related experience required
· Bachelor’s degree in Computer Science, Information Systems, Mathematics, Engineering, or related degree or an additional two (2) years of relevant experience.
· 5+ years of Linux systems administration and support
· Experience administering SPLUNK environment (Heavy Forwarders, Syslog Servers, Deployment Servers).
· Experience implementing Role Based Access Controls and integrating Active Directory security groups for system access controls.
· Strong background in leading system updates and applying security patches for critical infrastructure. For instance, overseeing the regular patching cycles for a Cyber Data Lake environment to mitigate vulnerabilities.
· Proven ability to install, configure, and maintain Cyber Defense Infrastructure System components. This includes ensuring compliance with configuration standards and performing system tuning for optimal performance.
· Ability to monitor systems and provide technical support, including after-hours, for seamless customer system integrations. For example, troubleshooting integration issues during off-peak hours to maintain system uptime.
· Experience generating detailed user system usage reports to support compliance audits and internal reviews. This includes creating monthly reports on user queries and searches to ensure regulatory adherence.
· Skilled in maintaining and providing comprehensive data logs from various system components to support cyber investigations. For example, extracting and analyzing log data to assist in forensic investigations.
· Experience granting and managing user-level access to external agencies as needed, ensuring secure and efficient collaboration. For instance, setting up and managing secure access for partner agencies during a data sharing initiative.
· Ability to create, update, and maintain comprehensive documentation, including Standard Operating Procedures (SOPs), job aids, and operational guidelines. For example, developing a detailed SOP for system administrators on incident response protocols.
· Capability to report and respond to critical events within strict timelines, collaborating with various teams to resolve incidents quickly. This includes providing support for FOIA (Freedom of Information Act) and eDiscovery requests by conducting thorough searches and preparing necessary documentation.
Desired Qualifications:
- Five (5) years of experience, preferably in Splunk Enterprise support.
- Enduring Curiosity: A relentless desire to learn and solve complex problems.
- Innate Passion for Challenges: A deep appreciation for the journey and process of mastering skills.
- External Drive for Proficiency: A strong motivation to excel in consulting, IT, cybersecurity, and industry best practices.
Clearance:
Ability to obtain a Public Trust clearance is required. Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to sensitive information.
Job Type: Full-time
Pay: Up to $123,000.00 per year
Benefits:
- Dental insurance
- Health insurance
Experience:
- Splunk: 5 years (Required)
- Linux: 5 years (Required)
- System administration: 5 years (Required)
Work Location: Remote