Job ID: VA-618080 (98690116)
Splunk Admin with Windows/Linux scripting, SQL, logging, security, Microsoft Sentinel and Systems Center experience
Location: Richmond VA (ABC)
Duration: 6+ months
Skill | Required / Desired | Amount of Experience | Expertise Rating
Experience in an enterprise IT environment as an applications or systems administrator working on Windows and Linux environments | Required | 5 Years |
Experience installing, configuring, and administering Splunk components and architecture | Required | 2 Years |
Experience with Linux and/or Windows scripting languages and automation | Required | 2 Years |
Experience working with various enterprise application and systems logging tools and methods | Required | 2 Years |
Recent experience setting up Splunk alerts, search filters and dashboards | Required | 2 Years |
Experience with databases, datasets, SQL scripting, and database logging | Highly desired | 2 Years |
Experience with IT security best practices for incident and event management, logging, and monitoring | Highly desired | 2 Years |
Splunk Certified Admin, Architect, or Consultant | Desired | 2 Years |
Experience with Microsoft Sentinel | Desired | |
Experience with Microsoft Systems Center | Desired | |
We are looking for an experienced Enterprise Logging & Analytics Architect to lead our current implementation of Splunk and our upcoming deployment of Microsoft Sentinel. The ideal candidate will have prior experience implementing an operational logging and monitoring environment, be proficient in Splunk and have exposure to Microsoft Sentinel and Microsoft Systems Center.
-Review, recommend changes to, and improve the current Splunk Enterprise deployment, including the indexer and search head architecture
-Partner with IT stakeholders to develop requirements and create an execution plan for centralized enterprise log analysis
-Set up forwarders, logging inputs and Splunk apps on a variety of system sources (Linux, Windows, WebLogic, Tomcat, Oracle, SQL Server)
-Develop the implementation strategy for Microsoft Sentinel
-Use Microsoft Sentinel as appropriate to provide logging and metrics for a variety of Azure-based applications
-Create alerts and monitoring for key security and application events
-Develop dashboards and reports for monitoring real-time log data
-Train users on using the tools for routine activities, including creating dashboards and alerts
-Advise on the prioritization of data collection and data retention to achieve maximum results for security and event monitoring
-6+ years of experience in an enterprise IT role
-2+ years of experience as a Splunk administrator, architect, or consultant
-Experience with a variety of SIEM tools
-Experience interacting with other IT stakeholders on requirements gathering, onboarding, configuration, and optimization of the Splunk suite of tools
-Preferred: experience with Linux systems and with scripting languages (Shell, Python, SQL) to automate tasks and manipulate data
-Knowledge of enterprise logging, including application, OS, and security technology logging