IT/Compliance Support

Position Summary:

We are seeking an experienced Splunk Expert with strong configuration and scripting skills to support IT compliance requirements. This role will involve executing a Fixed-Fee Project (FFP) with a well-defined scope of activities, including creating Splunk alerts, configuring correlation events, and integrating compliance-related data sources into Splunk dashboards. The ideal candidate will have expertise in log ingestion, dashboard creation, metric development, and security/compliance automation within Splunk.

Key Responsibilities:

• Splunk Configuration & Alerting:

  • Develop custom Splunk alerts for compliance monitoring.
  • Configure Splunk correlation events to detect and respond to security incidents.
  • Optimize Splunk performance for large-scale data ingestion and analysis.

• Compliance & Security Dashboard Development:

  • Add SCAP (Security Content Automation Protocol) Scan Results to a Splunk Continuous Monitoring (ConMon) Dashboard.
  • Create a Time Skew Metric in Splunk to detect if any system clock is out of sync by more than one minute.
  • Import and analyze WinZip SafeMedia logs (including read/write successes, failures, and attempts).
  • Develop software and firmware patching dashboards displaying patching success/failure with drill-down capability.
  • Create a Flaw Remediation Metric to track the time between vulnerability discovery and remediation (possibly integrating Nessus).

• Log & Data Integration:

  • Import and analyze encryptor logs and network manager logs into Splunk.
  • Optimize log parsing and correlation for compliance and security auditing.

• Automation & Scripting:

  • Develop custom scripts (e.g., Python, Bash, PowerShell) to automate data ingestion and reporting.
  • Implement automated workflows to improve compliance and security reporting.

Required Qualifications & Experience:

• 5+ years of hands-on experience with Splunk administration, scripting, and security analytics.
• Strong knowledge of Splunk Enterprise Security (ES), Splunk ITSI, and Splunk Compliance Monitoring (ConMon).
• Experience in log ingestion, parsing, correlation, and alerting.
• Proficiency in Python, Bash, or PowerShell scripting for automation.
• Familiarity with SCAP scanning, vulnerability management (Nessus, Qualys), and compliance frameworks (NIST, CIS, ISO 27001, FedRAMP, HIPAA, PCI-DSS).
• Experience in integrating security logs, system logs, and third-party data sources into Splunk.

Preferred Qualifications:

• Splunk Certified Architect or Splunk Certified Admin certification.
• Experience in federal IT compliance environments or large-scale enterprise security monitoring.
• Knowledge of machine learning and anomaly detection in Splunk.
• Experience working with AWS, Azure, or Google Cloud Splunk integrations.