The Splunk Content System Engineer Responsibilities:
Participate in the operation of an Enterprise Splunk Security Information and Event Management system, to include; Splunk indexers, search heads, forwarders, heavy forwarders, and deployment servers, other logger devices and appliances, Windows and Linux servers and a variety of network and security related devices that can also include AWS and Azure cloud implementations.
Support implementing and maintaining the technical solution to the client, in accordance with an agreed technical design
Support technical design for enterprise solutions.
Design, deploy and configure a Splunk Architecture for high-availability and failover
Tune Splunk performance and event data quality to maximized Splunk system efficiency
Perform routine equipment checks and preventative maintenance
Apply Configuration Management disciplines to maintain hardware/software revisions, Splunk content, security patches, hardening, and documentation
Follow Change Management Process and System Development Lifecycle process associated with varies development models (Agile)
Develop and deploy content for a complex and growing Splunk infrastructure; including use cases that involve Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists
Provide optimization of data flow using aggregation, filters, etc.
Develop custom correlations as required to meet use case objectives
Support initial build, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses
Lead and coordinate event collection, log management, event management, compliance automation, and identity monitoring activities
Prepare, mentor, and train client and team members to Splunk related Standard Operating Procedures.
Maintain excellent communication skills, both oral and written, working with senior technical and executive staff.
Education and technical experience:
8 year’s overall professional experience and a Bachelor of Arts/Science or equivalent degree in computer science or related area of study; without a degree, three additional years of relevant professional experience
5 years’ experience using Security Information and Event Management products, to include ArcSight, Splunk, Trustwave, Elastic Search, Logstash, Kabana
5 years Hands-on Splunk experience developing & managing use cases and content; Dashboards, Active Channels, Reports, Rules, Filters, Trends, Active Lists, etc.
2 years Linux experience
Programming languages: Perl, VBS, RegEx, Boolean, and Scripting skills are highly desired
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.