Splunk Architect Subject Matter Expert
Government Acquisitions Inc. (GAI) is seeking an experienced Splunk Architect Subject Matter Expert.The Splunk Enterprise SME will support our Internal Revenue Service (IRS) client in New Carrollton MD. As part of the design and implementation effort, the Splunk Enterprise SME will participate in various aspects of the implementation, including using Splunk to develop a proof of concept where legacy information systems are migrated to Splunk Enterprise. The developer will have to model data from several legacy and/or modern applications before ingesting the data into Splunk. The Splunk Enterprise SME will work closely with government personnel and other MAXIMUS professionals in a team environment. JOB RESPONSIBILITIES/DUTIESThe Splunk Enterprise SME will have the following responsibilities: . Build design documentation for deploying advanced network access control given a baseline understanding of current tools deployed and the implementation status of each tool. . Build strategic plan to merge Network Access Control (NAC) data into SPLUNK with consideration of using the Phantom tool. . Build strategic plan and technology outline of how best to get ticketing assignments put into the current ticketing system based on understanding of current practices and incident response efforts. . Build standard operating guidance and other key documentation to outline process and procedures that will need to be executed to successfully execute NAC in the short and long term. . Execute approved strategic plan and track progress, issues and gaps. . Provide expert guidance on Phantom, CISCO UCS, ForeScout, SPLUNK and migration from HPE ArcSight. . Provide Splunk support for design, architecture, development, unit test, deployment, installation, configuration, integration, operation, and maintenance to include: o Splunk infrastructure and application administration o Splunk ingestion, connector and syslog engineering/management and support across applications, server, database, and mainframe systems o Support for Guardium SQL database auditing ingestion into Splunk o Splunk search head, indexer and forwarder administration o Advanced event analysis and use of Splunk as a business tool o Ability to support multiple instances and modules of Splunk o Communications with stakeholders and customers to understand and address business requirements and expectations for the use of Splunk. o Content use cases, categorization files, filters, reports, queries, dashboards, rules, and Active Channels depending on the COTS product o Expertise with Splunk Enterprise with ability to demonstrate support for premium solutions such as Enterprise Security, User Behavior Analytics, and IT Service Intelligence o Experience in requirements analysis, data modeling, and implementation of the Splunk Enterprise Security, User Behavior Analytics and IT Service Intelligence solutions from Splunk. . The candidate will provide Splunk support for design, architecture, development, unit test, deployment, installation, configuration, integration, operation, and maintenance. The contractor will support the expansion of the environment to include architecting Search Head, Indexer, and Forwarder instances needed to service the expanding enterprise demand expected on the Splunk System as cross organizational use cases emerge. The candidate must be able to work 1-2 days a week at the IRS facility in New Carrollton MD, with remaining days working remotely from home. The selected candidate must be flexible and available to attend meetings or perform other activities in New Carrollton as required. QUALIFICATIONS: . The candidate must be a Splunk expert with strong information security experience and have mastered working with regular expressions to effectively extract key tokens of data into meaningful fields. . Experience with relational databases is a plus. . Experience with application servers being used for the extraction, transformation, and loading (ETL) of operational logs and individuals audit data deposited in a staging area for generating audit analysis reports. . Experience with AMDAS on MQ Series will be critical. Cyber security experience. . Familiarity with the configuration file options that are not available through the GUI. . A sophisticated understanding of Splunk "Search" language . Possess a deep understanding of Splunk Dashboards, Reports, Lookup Tables, and Summary Indexes. . Knowledge of how to customize Dashboards via the XML source. . Awareness of the Common Information Model and how to apply it directly and indirectly to data feeds. . Experience with Splunk Apps (both using and making). . Intermediate to Expert -level capability with the Python Scripting Language. . Awareness of how to handle null data and its impact on statistical analysis. . Bachelor's Degree from an accredited college or university required, an additional four (4) years of related work experience can substitute for a degree . At least eight (8) years of experience in security applications and systems related audit and accountability . Experience with reviewing, analyzing and coordinating requirements for ingesting auditable and actionable events into Splunk. . Proven ability to work on and with teams comprised of the primary client and other client stakeholders dispersed across geographical sites. . Excellent verbal and written communication skills. Physical Requirements: . Work is performed in a general office environment Additional Requirements as per contract/client: . Candidates must meet requirements to obtain and maintain an IRS Minimum Background Investigation (MBI) clearance (active IRS Moderate Risk MBI clearance is a plus). . Candidates must be a US Citizen or a Legal Permanent Resident (Green Card status) for 3 years, and be Federal Tax compliant. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, marital status or national origin.