ActioNet has an immediate opportunity for an Splunk Administrator requiring a Public Trust - Level 5 Investigation, located in Washington, DC. ActioNet is an IT service provider and solutions integrator headquartered in Vienna, VA that works with the Federal Government and Department of Defense Salary $ 108,000-128,000 We are seeking an experienced Splunk Administrator to manage and maintain a distributed Splunk installation. The ideal candidate will have a strong background in event log management, custom app creation, and diagnostics, with hands-on expertise in deploying and optimizing Splunk in both Microsoft Windows and Linux environments. The role will involve resolving technical issues, improving system performance, and ensuring the integrity and efficiency of the Splunk environment. Roles and Responsibilities: - Architect, configure, deploy, and customize an enterprise-level Splunk environment. - Manage multi-site index clustering, search head peers, and universal and heavy forwarder deployments. - Implement and maintain distributed Splunk installations, including cluster master configuration and deployment server management. - Add new data sources and perform complex data parsing, including regular expressions, index-time, and search-time processing. - Create custom Splunk apps, including searches, alerts, dashboards, custom JavaScript visualizations, views, and reports. - Design and implement knowledge object and access control standards across the Splunk environment. - Troubleshoot and resolve errors in the Splunk stack, utilizing tools like btool. - Manage SSL certificates for Splunk traffic, including creation, renewal, and configuration. - Leverage advanced Splunk search language to query and correlate data from multiple sources. - Plan and implement Splunk premium apps, such as Splunk ES, app for Exchange, and User Behavior Analytics. - Migrate existing operational processes to Splunk for automation and efficiency. - Document procedures and create Standard Operating Procedures (SOPs) for Splunk operations. - Collaborate with the security team to improve visibility and incident response through effective Splunk integration. Qualifications: - 2+ years of hands-on experience in designing, configuring, and deploying Splunk in an enterprise environment. - Splunk Certified Administrator and Power User. - Experience with multi-site index clustering, search head peers, and forwarder deployments. - Expertise in event log management, data parsing, and syslog data management. - Skilled in creating custom Splunk apps, dashboards, and reports. - Experience in managing SSL certificates for Splunk traffic. - Proficient in using Splunk's search language and troubleshooting tools like btool. - Experience with programming languages such as PowerShell, Python, Visual Basic, or C++. - Strong understanding of security controls, particularly in a federated environment. - The position aligns with 8140 compliance standards, ensuring the candidate has the necessary expertise in security assessment and authorization, federal information processing standards (FIPS), and risk management frameworks (RMF). Full-Time Employees are eligible to participate in our ActioNet's Benefits Program: - Medical Insurance - Vision Insurance - Dental Insurance - Life and AD&D Insurance - 401(k) Savings Plan - Education and Professional Training - Flexible Spending Accounts (FSA) - Employee Referral and Merit Recognition Programs - Employee Assistance and Identity Theft Protection - Paid Holidays: 11 per year - Paid Time Off (PTO) - Disability Insurance