Splunk Admin with Windows/Linux scripting, SQL, logging, security, Microsoft Sentinel and Systems Center experience

Job ID: VA-618080 (98690116)

Location: Richmond VA (ABC)
Duration: 6+ months
Interview: In-person

Skill                                                                                                  | Required / Desired | Amount of Experience
------------------------------------------------------------------------------------------------------ | ------------------ | --------------------
Experience in an enterprise IT environment as an applications or systems administrator working on Windows and Linux environments | Required | 5 Years
Experience installing, configuring, and administering Splunk components and architecture               | Required           | 2 Years
Experience with Linux and/or Windows scripting languages and automation                                | Required           | 2 Years
Experience working with various enterprise application and systems logging tools and methods           | Required           | 2 Years
Recent experience setting up Splunk alerts, search filters and dashboards                              | Required           | 2 Years
Experience with databases, datasets, SQL scripting, and database logging                               | Highly desired     | 2 Years
Experience with IT security best practices for incident and event management, logging, and monitoring  | Highly desired     | 2 Years
Splunk Certified Admin, Architect, or Consultant                                                       | Desired            | 2 Years
Experience with Microsoft Sentinel                                                                     | Desired            |
Experience with Microsoft Systems Center                                                               | Desired            |

We are looking for an experienced Enterprise Logging & Analytics Architect to lead our current implementation of Splunk and our upcoming deployment of Microsoft Sentinel. The ideal candidate will have prior experience implementing an operational logging and monitoring environment, be proficient in Splunk and have exposure to Microsoft Sentinel and Microsoft Systems Center.
-Review, recommend changes to, and improve upon the current Splunk Enterprise deployment, including indexer and search head architecture
-Partner with IT stakeholders to develop requirements and create an execution plan for centralized enterprise log analysis
-Set up forwarders, logging inputs and Splunk apps on a variety of system sources (Linux, Windows, WebLogic, Tomcat, Oracle, SQL Server)
-Develop an implementation strategy for Microsoft Sentinel
-Use Microsoft Sentinel as appropriate to provide logging and metrics for a variety of Azure-based applications
-Create alerts and monitoring for key security and application events
-Develop dashboards and reports for monitoring real-time log data
-Train users on utilizing the tools to perform routine activities, including creating dashboards and alerts
-Advise on prioritization of data collection and data retention to achieve maximum results for security and event monitoring

Required Experience:
-6+ years of experience in an enterprise IT role
-2+ years of experience as a Splunk administrator, architect, or consultant
-Experience with a variety of SIEM tools
-Experience interacting with other IT stakeholders on requirements gathering, onboarding, configuration, and optimization of the Splunk suite of tools
-Preferred: experience with Linux systems and with scripting languages (Shell, Python, SQL) to automate tasks and manipulate data
-Knowledge of enterprise logging, including application, OS, and security technology logging
