Journeyman Splunk Administrator

We are seeking a skilled Splunk Administrator/Operator with at least 4 years of Splunk experience to join our cybersecurity / IT operations team within a dynamic defense agency environment. The ideal candidate will drive the deployment, management, and optimization of Splunk Enterprise, Splunk User Behavior Analytics (UBA), Splunk Security Orchestration, Automation and Response (SOAR), and other Splunk monitoring/reporting capabilities to support mission-critical systems and cybersecurity goals. This role requires practical, hands-on experience working within secure, compliance-driven environments and a proactive approach to daily operations.

Key Responsibilities

• Splunk Platform Management:
  Install, configure, and maintain Splunk Enterprise, UBA, and SOAR in both on-premises and cloud/hybrid architectures; perform system upgrades, patching, and troubleshooting. Strong preference for any Oracle cloud experience.
• UBA and SOAR Optimization:
  Customize and fine-tune UBA models for behavioral analytics; configure playbooks, integrations, and automated actions within SOAR to accelerate threat response. Coordinate directly with on-prem/cloud infrastructure teams to maintain and deploy these modules.
• Security and Compliance:
  Implement and maintain Splunk best practices in accordance with defense agency security policies, compliance requirements, and data retention standards. Experience with STIGs mandatory.
• Incident Handling:
  Respond to incidents with appropriate logs and reports; proactively troubleshoot any log/analytic abnormalities preventatively.
• Collaboration & Agile Delivery:
  Work within Agile project teams, attending ceremonies (stand-ups, sprints, retrospectives) and using Jira for ticketing, backlog tracking, and documentation.
• Knowledge Sharing:
  Develop, update, and share technical documentation, standard operating procedures (SOPs), runbooks, and knowledge articles in alignment with agency practices. Work with many small, medium, and large teams to achieve agency and program objectives.
• Log Management and Analysis:
  Aggregate and parse logs from diverse data sources; develop and maintain dashboards, reports, alerts, and custom searches to surface actionable intelligence.

• Technical Skills:
  • Proficient in deploying and managing Splunk Enterprise, UBA, SOAR, and other Splunk modules.
  • Comfortable with scripting (e.g., Python, Bash) for automation and data manipulation.
  • Experience in designing and tuning Splunk searches, dashboards, alerts, and CIM compliance.
  • Familiarity with log sources common to defense/enterprise networks (Windows, Linux, network appliances, security devices).
  • Working knowledge of Jira for workflow management and Agile methodologies for project delivery.

Key Attributes and Soft Skills

• Must be able to work as a team member in a matrixed organization.
• Strong analytical and problem-solving skills; detail-oriented with a focus on operational excellence.
• Skilled communicator, able to collaborate with IT, cybersecurity, and mission teams in written and verbal communications with a positive attitude and customer-first approach.
• Proactive learner-stays current on Splunk and security operations best practices.

ABOUT PRISM
PRISM is devoted to modernization and innovation within the world of technology, security, and IT enterprise solutions. We are recognized for meeting performance requirements and exceeding customer expectations since 1994. Our culture is founded on relationships, opportunity, and success. Offering comprehensive benefit plans including medical, dental, vision, and 401K along with our people - first approach sustains our reputation as a premier employer.

PRISM is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.