Splunk Administrator

We are seeking a skilled Splunk Administrator/Operator with at least 4 years of Splunk experience to join our cybersecurity / IT operations team within a dynamic defense agency environment. The ideal candidate will drive the deployment, management, and optimization of Splunk Enterprise, Splunk User Behavior Analytics (UBA), Splunk Security Orchestration, Automation and Response (SOAR), and other Splunk monitoring/reporting capabilities to support mission-critical systems and cybersecurity goals. This role requires practical, hands-on experience working within secure, compliance-driven environments and a proactive approach to daily operations.

Key Responsibilities

Splunk Platform Management:

• Install, configure, and maintain Splunk Enterprise, UBA, and SOAR in both on-premises and cloud/hybrid architectures; perform system upgrades, patching, and troubleshooting. Strong preference for any Oracle cloud experience.

UBA and SOAR Optimization:

• Customize and fine-tune UBA models for behavioral analytics; configure playbooks, integrations, and automated actions within SOAR to accelerate threat response. Coordinate directly with on-prem/cloud infrastructure teams to maintain and deploy these modules.

Security and Compliance:

• Implement and maintain Splunk best practices in accordance with defense agency security policies, compliance requirements, and data retention standards. Experience with STIGs mandatory.

Incident Handling:

• Respond to incidents with appropriate logs and reports; proactively troubleshoot any log/analytic abnormalities preventatively.
• Collaboration & Agile Delivery:
• Work within Agile project teams, attending ceremonies (stand-ups, sprints, retrospectives) and using Jira for ticketing, backlog tracking, and documentation.

Knowledge Sharing:

• Develop, update, and share technical documentation, standard operating procedures (SOPs), runbooks, and knowledge articles in alignment with agency practices. Work with many small, medium, and large teams to achieve agency and program objectives.

Log Management and Analysis:

• Aggregate and parse logs from diverse data sources; develop and maintain dashboards, reports, alerts, and custom searches to surface actionable intelligence.

Required Skill & Experience

• Certification Requirements: DoD 8570 IAT II (e.i. Security+), Splunk Certified Administrator or higher
• 4 years of relevant experience
• Current Secret Clearance or higher

Technical Skills:

• Proficient in deploying and managing Splunk Enterprise, UBA, SOAR, and other Splunk modules.
• Comfortable with scripting (e.g., Python, Bash) for automation and data manipulation.
• Experience in designing and tuning Splunk searches, dashboards, alerts, and CIM compliance.
• Familiarity
• with log sources common to defense/enterprise networks (Windows, Linux, network appliances, security devices).
• Working knowledge of Jira for workflow management and Agile methodologies for project delivery.

Key Attributes and Soft Skills

• Must be able to work as a team member in a matrixed organization.
• Strong analytical and problem-solving skills; detail-oriented with a focus on operational excellence.
• Skilled communicator, able to collaborate with IT, cybersecurity, and mission teams in written and verbal communications with a positive attitude and customer-first approach.
• Proactive learner-stays current on Splunk and security operations best practices.