TowsonRecruiter Since 2001
the smart solution for Towson jobs

Splunk Administrator with Security Clearance

Company: Johns Hopkins University Applied Physics Laboratory
Location: Laurel
Posted on: April 15, 2024

Job Description:

Description

Are you searching for exciting and impactful work supporting several diverse Classified networks? Are you a self-starter that is passionate about crafting visualizations, reports and charts? If so, we're looking for someone like you to apply and join our team at APL!

The Splunk Administrator will be a valued member of the team with overall responsibility for engineering, operating, and managing the Splunk Enterprise environment across five classified security enclaves. We provide technical expertise to meet compliance and security objectives across networked environments that require Audit and Logging Operations, Incident Identification and Response Coordination. Each environment consists of Splunk forwarders, indexers, search heads, centralized log servers, with varying data ingests. You will lead operational responsibilities to include security and overall performance management of the environment.

As a Splunk Administrator, you will...
* Participate in developing security-focused content for our Splunk implementations across the four classified Department of Defense (DoD) networks.
* Coordinate with the APL security operations teams and customers to build threat detection logic and dynamic operational dashboards.
* Assist with architecting log management and data ingest solutions to ensure they are scalable and efficient.
* Analyze and make recommendations for Risk Management Framework (RMF) compliance requirements.
* Leverage automation techniques and develop scripts to manipulate data repositories to support data and threat analysis.
* Develop documentation supporting management procedures and implementation guides for Splunk-based solutions.
* Deploy and handle Splunk indexers, search heads, forwarders, and other Enterprise components within the distributed environments.
* Implement and manage add-ons to enhance capabilities, such as machine learning and sophisticated threat detection.
* Assist with the Assessment and Authorization (A&A) of the Splunk environment.
* Perform risk assessments along with Security Test & Evaluations (ST&E) of Splunk components, and ensure network computer systems align with the Information Assurance Vulnerability Management (IAVM) standards.
* Review systems to identify potential security weaknesses, recommend improvements, and implement changes.
* Work with the Vulnerability Management team to remediate findings from Assured Compliance Assessment Solution (ACAS)/Nessus and Host-Based Security Solution (HBSS) scans and other automated and manual assessment tools such as DoD Security Technical Implementation Guides (STIGs).
* Work with existing and custom Splunk applications and add-ons to meet compliance requirements.
* Implement and administer Splunk in Windows and Linux environments.
* Leverage programming skills (e.g., CSS, HTML, JavaScript, Python, shell scripting) to automate security tools management.
* Build customized applications within Splunk such as searches, audit scripting, and visualization.
* Track and implement responses and actions to address operational and communication orders from governing organizations.
* Provide expert analysis of records to prevent or detect anomalies or possible adverse events.
* Identify data accessed, destination and source addresses, timestamps, user login information, and specific sequence of activities to formulate courses of action and/or responses.

Qualifications

You will meet the minimum requirements if you have...
* A BS degree in Computer Science, Management Information Systems, Computer Information Systems, Information Assurance, or comparable field or equivalent years of professional relevant
* 2+ years of Security Engineering experience working with DoD IT enclaves, systems, and solutions
* 1+ years of experience with application and OS enterprise logging, managing, creating rule sets and threat detection logic in Splunk
* Splunk Search Processing Language (SPL) and Regular Expression expertise
* Splunk Core Certified Advanced Power User certification
* Hold an active Secret security clearance with the ability to obtain a Top-Secret clearance. If selected, you will be subject to a government security investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.
* Are able to work occasional weekends and other after-hours to handle and/or complete critical project/work-related business needs.
* Strong communication and presentation skills

You will go above and beyond our minimum requirements if you have...
* Intermediate expertise with Red Hat Enterprise Linux (RHEL) version 8 and 9
* 3+ years of experience leveraging Splunk or audit logs for incident response and user behavior analytics
* Experience reviewing network, host and firewall security logs
* Prior experience with leading vendor security products such as Tenable, Ivanti, Forescout, Trellix, etc.
* Experience with using scripting languages such as CSS, HTML, JavaScript, Python, and shell scripting to automate tasks and manipulate data
* Experience with Splunk Machine Learning Toolkit (MLTK)
* Splunk Enterprise Certified Admin or Splunk Enterprise Certified Architect
* Current industry certification aligned to DoD Manual 8570.01-M for IAT II

Why work at APL?

While the Johns Hopkins University Applied Physics Laboratory brings world-class expertise to a broad range of challenges, what makes us truly outstanding is our culture. We offer a vibrant, innovation ecosystem where you can feel safe to share ideas and to continue to grow personally and professionally. At APL, we celebrate our differences and encourage creativity and bold, new ideas and have earned Best Places to Work accolades in outlets such as Fast Company and Glassdoor. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL's campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at www.jhuapl.edu/careers

About Us

APL is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law. APL is committed to promoting an innovative environment that embraces diversity, encourages creativity, and supports inclusion of new ideas. In doing so, we are committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact Only by ensuring that everyone's voice is heard are we empowered to be bold, do great things, and make the world a better place.

Keywords: Johns Hopkins University Applied Physics Laboratory, Towson, Splunk Administrator with Security Clearance, Other, Laurel, Maryland
