SMS is seeking a Splunk specialist to support the DoD's JRSS (Joint Regional Security Stack) deployment activities, a multi-year, global effort to improve the DoD's
security posture and provide enhanced security capabilities and analytics by centralizing and virtualizing network security into regional stacks rather than locally
SMS is a fast growing, veteran-owned business that's has supported Federal Government's IT initiatives for over four decades. We work side-by-side with our Federal clients as a trusted, long-term partner to offer innovative advice and leadership to solve their most pressing and complex problems. We orchestrate people, strategies, technologies and best-of-breed business processes. The SMS advantage in management and technology consulting includes deep domain expertise in complex networking design and unifying communities of interest.
We have strong capabilities in design & build, planning, governance, quality management, security, analytics, virtualization, operations and business process improvement. For 40 years, SMS has brought customer satisfaction to Federal clients and formed lasting alliances with leading technology companies and talented small businesses to deliver joint, leading-edge, cost-effective services and products.
Submit your resume today!
In this role, you will act as the senior support person for Splunk. In this capacity you will work as part of a multi-disciplinary team that supports the active and passive
Computer Network Defense (CND) tools deployed in stacks. You will also integrate with other technical teams, with DISA personnel, with vendor technical support
personnel, and with technical representatives from DoD services.
The Sr. Splunk Engineer should have a strong Splunk Admin background to support Splunk platform. Additionally, a strong Splunk development background is
desired. The responsibilities, include data onboarding (including syslog), troubleshooting multi-clustered Splunk Enterprise environments, assist internal Splunk users
on query optimization and visualization, write complex regex for field extractions and build data models
EDUCATION & EXPERIENCE:
Bachelor's degree from an accredited college in a related discipline, or equivalent experience/combined education, with 8 years or more of professional experience.
Equivalent work experience will be considered in lieu of degree.
Splunk Administrator certificationSplunk Developer certification
Current IAT II 8570 Certification (Security+ce, CISSP, etc)
A DoD Secret clearance is required to work on this program. In addition, you must be able to successfully obtain up to Top Secret based on requirements from the
customer and program.
The successful candidate will be able to do the following Splunk tasks:
Onboarding Splunk ES critical data sources - ingestion of critical data sources/data logs from the enterprise into the SIEM (Security Information Event Management)
tool to meet the Splunk ES (Enterprise Security) implementation
Normalizing Log Data to CIM (Common Information Model) as required by Splunk ES (Enterprise Security) to meet the provided security use cases (Rules/Alerts)
Create viewable Splunk dashboards to provide visibility into ingested log data
Create alerts that trigger/activate on configured setting to deploy or sends a note/email/attachments to a particulate destination email or groups
Create security rules (alerts) that trigger on anomalous activities or threat detections
Splunk Support - Assisting Customers with any issues when ingestion of logs that are not working properly. Or, communication issues with Splunk.
Resolving Splunk infrastructure or system issues.
Splunk Admin certification
To be a successful fit to this assignment, you should be well versed in TCP/IP communications and in Unix server construction, configuration, and maintenance. You
should have a general knowledge of router and firewall functionality on a network. You should be familiar with the MS Office tool suite. You must have excellent
written and oral communications skills and be able to appropriately present highly technical material to both technical and non-technical audiences.
ADDITIONAL DESIRED QUALIFICATIONS:
Prior experience as a network intrusion analyst or Security Operations Center analyst.
Experience configuring and maintaining the tool in a multi-tenant environment using VLANs to differentiate customers' traffic
Experience with one or more of the other CND tools in the JRSS cyber suite:
SMS is an Equal Opportunity Employer.
SMS is a veteran-owned network integrator established in 1976. With an employee retention rate averaging over 5 years, our ability to hire quality people and retain them in a rapidly evolving IT market proves why we are a world-class information technology company. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices. As a result, SMS is proud to be ISO 9001:2008 Registered and a CMMI Level 3 certified company, ensuring that we continue to meet and exceed the expectations of our customers, partners and employees.