Consulting Engineer (Splunk)

Job Overview

This role will provide Splunk Enterprise, Enterprise Security and Phantom engineering support for the MCIA team in Quantico, VA, including but not limited to instance administration, data ingestion configuration, dashboard and visualization creation, and Universal Forwarder management across all MCISRE Splunk instances.

Primary Responsibilities

  • Manage existing Splunk and equivalent hardware infrastructure and oversee production support in a clustered environment.
  • Utilize other technology support areas to bring new datasets into the Splunk Environment.
  • Collaborate with other teams to ensure complete asset identification and coverage across all network enclaves.
  • Assist key stakeholders in drafting and developing Phantom Playbooks for task automation.
  • Support migration plan to shift aspects of the deployment from on-prem to a Cloud environment.
  • Assist with the development of advanced reports and dashboards to meet the requirements of key stakeholders.
  • Provide onboarding, configuration and optimization of the Splunk instances.
  • Provide expertise in the deployment, configuration and operation of the Splunk instances.
  • Perform advanced search and reporting as required by key stakeholders.
  • Troubleshoot and debug issues as they occur within the Splunk deployments.
  • Work to ensure all system SOPs are updated accordingly.
  • Provide support to other key stakeholders during network inquiries and incident response reporting.
  • Other duties as required

Basic Qualifications and Requirements

  • Solid understanding of UNIX/Linux operating system administration (3-5 years).
  • Solid understanding of Splunk Engineering best practices (Splunk Enterprise Certified Admin or Equivalent training).
  • DoD 8570 Certified IAT Tier III and IAM Tier II.
  • Solid understanding of Cyber Threat Analysis Tools, Tactics, and Techniques (3-5 years).
  • Knowledge of RegEx and SPL.

Preferred Qualifications

  • Solid understanding of Network Infrastructure and Security Requirements.
  • Splunk Enterprise Certified Architect or Equivalent training.
  • Demonstrated knowledge of Python, PowerShell, and other scripting languages.
  • Previous experience creating Phantom Playbooks for automated Cyber Response capabilities.

Additional Notes

  • Must have an active Top Secret/SCI Clearance
  • Must be a US Citizen or have permanent resident status
  • Must be able to remain in a stationary position 50%

August Schell Enterprises Inc. is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.

Key Details

  • Position Type: Full-Time (exempt)
  • Location: Quantico, VA
  • Experience: Mid-Level; 3-5 years
  • Degree: Not required; Preferred
  • Clearance: TS/SCI
  • Travel: <25%
  • Telework: Some

The Benefits

  • Comprehensive Medical, Dental & Vision
  • 100% Employer funded HRA
  • Employer paid Disability, Life and Accident
  • 401K Plan and Match
  • FSA & DCA Pre-tax Plans
  • Tuition & Training Reimbursement
  • Referral Bonus Program
  • Paid Time Off & Holidays