Splunk Administrator with Security Clearance
Company: Johns Hopkins University Applied Physics Laboratory
Location: Laurel
Posted on: April 15, 2024
Job Description:
Description
Are you searching for exciting and impactful work supporting several
diverse Classified networks? Are you a self-starter that is
passionate about crafting visualizations, reports and charts? If so,
we're looking for someone like you to apply and join our team at APL!
The Splunk Administrator will be a valued member of the team with
overall responsibility for engineering, operating, and managing the
Splunk Enterprise environment across five classified security
enclaves. We provide technical expertise to meet compliance and
security objectives across networked environments that require Audit
and Logging Operations, Incident Identification and Response
Coordination. Each environment consists of Splunk forwarders,
indexers, search heads, centralized log servers, with varying data
ingests. You will lead operational responsibilities to include
security and overall performance management of the environment.
As a Splunk Administrator, you will...
* Participate in developing security-focused content for our Splunk
implementations across the four classified Department of Defense
(DoD) networks. Coordinate with the APL security operations teams
and customers to build threat detection logic and dynamic
operational dashboards. Assist with architecting log management and
data ingest solutions to ensure they are scalable and efficient.
Analyze and make recommendations for Risk Management Framework (RMF)
compliance requirements.
* Leverage automation techniques and develop scripts to manipulate
data repositories to support data and threat analysis. Develop
documentation supporting management procedures and implementation
guides for Splunk-based solutions.
* Deploy and handle Splunk indexers, search heads, forwarders, and
other Enterprise components within the distributed environments.
Implement and manage add-ons to enhance capabilities, such as
machine learning and sophisticated threat detection.
* Assist with the Assessment and Authorization (A&A) of the Splunk
environment. Perform risk assessments along with Security Test &
Evaluations (ST&E) of Splunk components and ensure network computer
systems align with the Information Assurance Vulnerability
Management (IAVM) standards.
* Review systems to identify potential security weaknesses,
recommend improvements, and implement changes. Work with the
Vulnerability Management team to remediate findings from Assured
Compliance Assessment Solution (ACAS)/Nessus and Host-Based
Security Solution (HBSS) scans and other automated and manual
assessment tools such as DoD Security Technical Implementation
Guides (STIGs).
* Work with existing and custom Splunk applications and add-ons to
meet compliance requirements. Implement and administer Splunk in
Windows and Linux environments.
* Leverage programming skills (e.g., CSS, HTML, JavaScript, Python,
shell scripting) to automate security tools management. Build
customized applications within Splunk such as searches, audit
scripting, and visualization.
* Track and implement responses and actions to address operational
and communication orders from governing organizations. Provide
expert analysis of records to prevent or detect anomalies or
possible adverse events. Identify data accessed, destination and
source addresses, timestamps, user login information, and specific
sequence of activities to formulate courses of action and/or
responses.
Qualifications
You will meet the minimum requirements if you have...
* A BS degree in Computer Science, Management Information Systems,
Computer Information Systems, Information Assurance, or comparable
field or equivalent years of professional relevant
* 2+ years of Security Engineering experience working with DoD IT
enclaves, systems, and solutions
* 1+ years of experience with application and OS enterprise
logging, managing, creating rule sets and threat detection logic in
Splunk
* Splunk Search Processing Language (SPL) and Regular Expression
expertise
* Splunk Core Certified Advanced Power User certification
* Hold an active Secret security clearance with the ability to
obtain a Top-Secret clearance. If selected, you will be subject to a
government security investigation and must meet the requirements
for access to classified information. Eligibility requirements
include U.S. citizenship.
* Are able to work occasional weekends and other after-hours to
handle and/or complete critical project/work-related business
needs.
* Strong communication and presentation skills
You will go above and beyond our minimum requirements if you have...
* Intermediate expertise with Red Hat Enterprise Linux (RHEL)
version 8 and 9
* 3+ years of experience leveraging Splunk or audit logs for
incident response and user behavior analytics
* Experience reviewing network, host and firewall security logs.
Prior experience with leading vendor security products such as
Tenable, Ivanti, Forescout, Trellix, etc.
* Experience with using scripting languages such as CSS, HTML,
JavaScript, Python, and shell scripting to automate tasks and
manipulate data
* Experience with Splunk Machine Learning Toolkit (MLTK)
* Splunk Enterprise Certified Admin or Splunk Enterprise Certified
Architect
* Current industry certification aligned to DoD Manual 8570.01-M
for IAT II
Why work at APL?
While the Johns Hopkins University Applied Physics Laboratory brings
world-class expertise to a broad range of challenges, what makes us
truly outstanding is our culture. We offer a vibrant, innovation
ecosystem where you can feel safe to share ideas and to continue to
grow personally and professionally. At APL, we celebrate our
differences and encourage creativity and bold, new ideas and have
earned Best Places to Work accolades in outlets such as Fast
Companies and Glassdoor. Our employees enjoy generous benefits,
including a robust education assistance program, unparalleled
retirement contributions, and a healthy work/life balance. APL's
campus is located in the Baltimore-Washington metro area. Learn more
about our career opportunities at www.jhuapl.edu/careers.
About Us
APL is an Equal Opportunity/Affirmative Action employer. All
qualified applicants will receive consideration for employment
without regard to race, creed, color, religion, sex, gender identity
or expression, sexual orientation, national origin, age, physical or
mental disability, genetic information, veteran status, occupation,
marital or familial status, political opinion, personal appearance,
or any other characteristic protected by applicable law. APL is
committed to promoting an innovative environment that embraces
diversity, encourages creativity, and supports inclusion of new
ideas. In doing so, we are committed to providing reasonable
accommodation to individuals of all abilities, including those with
disabilities. If you require a reasonable accommodation to
participate in any part of the hiring process, please contact Only
by ensuring that everyone's voice is heard are we empowered to be
bold, do great things, and make the world a better place.
Keywords: Johns Hopkins University Applied Physics Laboratory, Dundalk, Splunk Administrator with Security Clearance, Other, Laurel, Maryland