The AFINC II contract supporting the 26th Network Operations Squadron (26NOS) is searching for qualified candidates to serve as members of the Enterprise Network Applications Tools (ENAT) Team. These candidates will fill the position of Splunk Administrator(s), responsible for maintaining the Splunk installation used to support the 26NOS. The/These candidate(s) will be responsible for overseeing and supporting the maintenance and update of the Splunk install and the integration of the Splunk Install with other systems supporting the mission of the 26NOS. Responsibilities
- Serve as Splunk Administrator responsible for planning, managing, and implementing Splunk across multiple enterprise networks and implementations.
- Provide expertise as it relates to Splunk implementations. Recommend and support changes to Splunk deployments.
- Support Indexer Clustering, Search Head Clustering, and Forwarders.
- Monitor, troubleshoot, and analyze overall health of Splunk infrastructure to include daily indexing volume, search volume and performance, data source reporting, user activity reporting, and custom apps/dashboards/visualizations.
- Perform root cause analysis on any issues with recommendations. Implement tactical and strategic solutions to problems.
- Develop, manage, and maintain documents supporting Splunk architecture and operational processes.
- Data on-boarding techniques such as syslog, DB Connect (dbConnect), Universal Forwarder (UF), HTTP Event Collector (HEC), and custom scripting.
- Express a working knowledge of Linux to include use cases supporting patching, SSL toolset, capacity planning, routing protocols, and firewall rules.
- SPL/Dashboard experience in support of user analytics, systems performance, security, and environmental health.
- Knowledge of Splunk DataModels and their management to include implementation, tuning, and data normalization.
- Familiarity with Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) checklists applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) network environment for all Splunk implementations.
- Implement/create report dashboard designs, automated custom email report notifications, report log data repositories for each environment that are specific to the following audiences: Leadership & Executives; Cybersecurity Staff; and System Administrators Please review the list of responsibilities and qualifications for this position. If a candidate does not meet all the qualifications, they may still be considered depending upon certification and experience. Qualifications/Requirements: - Splunk Administrator candidate should have a minimum of 3+ years of Splunk products experience.
- Splunk experience performing administration in a large-scale environment. Preferably overseeing daily, weekly, monthly functions and following best practices.
- Identify, analyze, define, & coordinate user, client, and stakeholder needs and translate them into technical requirements.
- Support day-to-day technical communication systems and incident tickets in support of operations.
- Be familiar with scripting tools such as Python, Bash, and SPL. Firm understanding of REGEX.
Candidate should have experience in:
- System Integration and/or administration for Splunk users, searches/reports, dashboards, systems, or onboarding 3rd party log data.
- Windows OS, UNIX or Linux-based systems support with experience in mid-to-large data center environments and patch/update management.
- Demonstrated advanced diagnostics, analytical, troubleshooting skills.
- Experience with physical servers and those hosted within virtualized environments such as VMware vSphere’s vCenter Server Appliance.
- Must be able to push/pull, lift, or carry up to 50 lbs.
- Must be willing to travel up to 5% (3 weeks) of the year, dependent on contract needs and requirements that may arise. Education/Certification(s):                           - Technical degree, Associates or, bachelor’s degree in computer science/information systems, Science/Engineering/Math, or 2-4 years’ relevant experience in Information Technology preferably within system or application administration is acceptable There are three required certifications for this position, of which two are required to start on the contract and one that must be earned within 90 days of start. Requires one of the following DoD 8570.01-M Information Assurance Technical (IAT) Level II certification to begin on contract:
- CompTIA Security+ CE (Continuing Education)
- CompTIA Cybersecurity Analyst (CySA+) CE (Continuing Education)
- (ISC)² Systems Security Certified Practitioner (SSCP)
- GIAC Global Industrial Cyber Security Professional (GICSP)
GIAC Security Essentials Certification (GSEC)
- (ISC)² Systems Security Certified Practitioner (SSCP) Requires one of the following Computing Environment/Operating System (CE/OS) to begin on contract (Linux/Unix preferred):
- Microsoft 365 Certified: Identity and Access Administrator Associate
- Microsoft 365 Certified: Endpoint Administrator Associate
- Microsoft 365 Certified: Azure Administrator Associate
- Linux Foundation Certified System Administrator (LFCS) (Preferred)
- LPIC-1 (Preferred)
- Linux+ (Preferred) Requires the following technical certifications within 45 days of starting on the contract:
- Splunk Enterprise Certified Admin Clearance:  Active DoD Secret required or ability to complete investigation process for interim with potential to upgrade to Top Secret clearance preferred. SMS is a dynamic systems integrator established in 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 47 years. Our ability to hire and retain quality people in a rapidly evolving IT market is proven through our employee retention rate averaging over 3 years. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices, resulting in CMMI Level 3 certification and ISO registrations including 9001:2015, 20000-1:2018, and ISO/IEC 27001:2013. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States.  SMS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.