IT/Compliance Support
CA
Contracted
Mid Level
Position Summary:
We are seeking an experienced Splunk Expert with strong configuration and scripting skills to support IT compliance requirements. This role will involve executing a Fixed-Fee Project (FFP) with a well-defined scope of activities, including creating Splunk alerts, configuring correlation searches, and integrating compliance-related data sources into Splunk dashboards. The ideal candidate will have expertise in log ingestion, dashboard creation, metric development, and security/compliance automation within Splunk.
Key Responsibilities:
Splunk Configuration & Alerting:
- Develop custom Splunk alerts for compliance monitoring.
- Configure Splunk Enterprise Security correlation searches that raise notable events so security incidents are detected and routed for response.
- Optimize Splunk performance for large-scale data ingestion and analysis.
Compliance & Security Dashboard Development:
- Add SCAP (Security Content Automation Protocol) Scan Results to a Splunk Continuous Monitoring (ConMon) Dashboard.
- Create a Time Skew Metric in Splunk to detect if any system clock is out of sync by more than one minute.
- Import and analyze WinZip SafeMedia logs (including read/write successes, failures, and attempts).
- Develop software and firmware patching dashboards displaying patching success/failure with drill-down capability.
- Create a Flaw Remediation Metric to track the time between vulnerability discovery and remediation (possibly integrating Nessus).
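Two of the metrics above, the time-skew check and the flaw-remediation timer, written out as an added Python example. This is not code from the posting or from Splunk; the hosts, events, plugin IDs, scan dates and field names are constructed sample data, shaped like Splunk's _time/_indextime fields and per-scan Nessus plugin results, so the block runs offline.

```python
"""Time-skew and flaw-remediation metrics over constructed sample data.

Added example, not from the posting.  In Splunk the same logic runs as SPL;
this version makes the arithmetic explicit and testable.
"""
from datetime import date, datetime, timezone

MAX_SKEW_SECONDS = 60  # the one-minute threshold named in the posting

# Constructed sample events.  _time is the timestamp the host wrote into the
# log line; _indextime is when the indexer accepted it (Splunk's field names).
SAMPLE_EVENTS = [
    {"host": "web01", "_time": "2024-03-01T12:00:05Z", "_indextime": "2024-03-01T12:00:07Z"},
    {"host": "db02",  "_time": "2024-03-01T11:58:00Z", "_indextime": "2024-03-01T12:00:10Z"},
    {"host": "app03", "_time": "2024-03-01T12:01:30Z", "_indextime": "2024-03-01T12:00:12Z"},
    {"host": "web01", "_time": "2024-03-01T12:00:20Z", "_indextime": "2024-03-01T12:00:21Z"},
]


def _parse_utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def clock_skew(events, max_skew=MAX_SKEW_SECONDS):
    """Return {host: worst signed skew in seconds} for hosts beyond max_skew.

    Positive means the host clock runs ahead of the indexer, negative behind.
    A negative value can also be forwarding delay; a positive one cannot,
    because an event is never legitimately indexed before it was written.
    """
    worst = {}
    for ev in events:
        skew = (_parse_utc(ev["_time"]) - _parse_utc(ev["_indextime"])).total_seconds()
        if abs(skew) > abs(worst.get(ev["host"], 0.0)):
            worst[ev["host"]] = skew
    return {host: skew for host, skew in worst.items() if abs(skew) > max_skew}


# Constructed sample scans: (scan date, set of (host, plugin_id) pairs the
# scanner reported as vulnerable).  Nessus emits no "fixed" event, so
# remediation is inferred from a finding disappearing between scans.
SAMPLE_SCANS = [
    (date(2024, 2, 1),  {("web01", "12345"), ("db02", "67890")}),
    (date(2024, 2, 8),  {("web01", "12345"), ("db02", "67890"), ("app03", "11111")}),
    (date(2024, 2, 15), {("db02", "67890")}),
]
SAMPLE_AS_OF = date(2024, 2, 20)  # constructed "today" for ageing open findings


def remediation_times(scans, as_of):
    """Return {(host, plugin): {"discovered", "remediated", "days"}}.

    discovered: first scan date the finding appeared; remediated: first later
    scan date it was absent (None while still open); days: age at remediation,
    or at as_of for open findings.  A finding that reappears after closing
    restarts its clock, so a regression is not hidden inside an old record.
    """
    findings = {}
    for scan_date, present in sorted(scans, key=lambda s: s[0]):
        for key, rec in findings.items():          # close findings that vanished
            if rec["remediated"] is None and key not in present:
                rec["remediated"] = scan_date
        for key in present:                         # open new (or regressed) ones
            if key not in findings or findings[key]["remediated"] is not None:
                findings[key] = {"discovered": scan_date, "remediated": None}
    for rec in findings.values():
        end = rec["remediated"] or as_of
        rec["days"] = (end - rec["discovered"]).days
    return findings


def overdue(findings, sla_days):
    """Open findings older than the SLA, oldest first."""
    return sorted(
        (key for key, rec in findings.items()
         if rec["remediated"] is None and rec["days"] > sla_days),
        key=lambda k: -findings[k]["days"],
    )


def mean_days_to_remediate(findings):
    closed = [rec["days"] for rec in findings.values() if rec["remediated"] is not None]
    return sum(closed) / len(closed) if closed else None


if __name__ == "__main__":
    print("clock skew beyond", MAX_SKEW_SECONDS, "s:", clock_skew(SAMPLE_EVENTS))
    results = remediation_times(SAMPLE_SCANS, as_of=SAMPLE_AS_OF)
    print("mean days to remediate:", mean_days_to_remediate(results))
    print("overdue against a 14-day SLA:", overdue(results, sla_days=14))
```

In Splunk the skew half of this is the one-liner `| eval skew=abs(_indextime-_time) | stats max(skew) AS max_skew BY host | where max_skew > 60`, which is what the dashboard panel would run. Two caveats carry over from the Python: forwarder or queue latency also shows up as a negative skew, so a host that is only ever "behind" by a spiky amount is more likely a pipeline problem than a clock problem, whereas any event timestamped in the future is a clock problem with no other explanation; and because remediation is inferred from absence, a host that simply failed to scan looks "fixed", so the remediation metric should be joined against scan coverage before it is reported.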
Log & Data Integration:
- Import and analyze encryptor logs and network manager logs into Splunk.
- Optimize log parsing and correlation for compliance and security auditing.
Automation & Scripting:
- Develop custom scripts (e.g., Python, Bash, PowerShell) to automate data ingestion and reporting.
- Implement automated workflows to improve compliance and security reporting.
Required Qualifications & Experience:
- 5+ years of hands-on experience with Splunk administration, scripting, and security analytics.
- Strong knowledge of Splunk Enterprise Security (ES), Splunk ITSI, and building continuous monitoring (ConMon) reporting in Splunk.
- Experience in log ingestion, parsing, correlation, and alerting.
- Proficiency in Python, Bash, or PowerShell scripting for automation.
- Familiarity with SCAP scanning, vulnerability management (Nessus, Qualys), and compliance frameworks (NIST, CIS, ISO 27001, FedRAMP, HIPAA, PCI DSS).
- Experience in integrating security logs, system logs, and third-party data sources into Splunk.
Preferred Qualifications:
- Splunk Enterprise Certified Architect or Splunk Enterprise Certified Admin certification.
- Experience in federal IT compliance environments or large-scale enterprise security monitoring.
- Knowledge of machine learning and anomaly detection in Splunk.
- Experience working with AWS, Azure, or Google Cloud Splunk integrations.