Description
Description
SAIC is seeking a Splunk Administrator to support enterprise cybersecurity operations. This role is responsible for administering, maintaining, and optimizing Splunk platforms within a mission-critical federal environment. The administrator will ensure reliable log ingestion, efficient search and reporting, and seamless support to analysts and engineers who rely on Splunk for threat detection, forensics, and compliance reporting.
This is an excellent opportunity for an IT professional with hands-on Splunk administration experience who thrives in federal environments and is eager to advance operational security capabilities.
Responsibilities
· Administer and maintain Splunk Enterprise and Splunk ES, ensuring availability, performance, and stability.
· Manage log ingestion pipelines, including syslog servers, Windows Event Collectors, and application connectors.
· Onboard and normalize new data sources, validate data quality, and ensure mapping to the Common Information Model (CIM).
· Create, maintain, and optimize Splunk knowledge objects (field extractions, lookups, macros, event types, tags, etc.).
· Develop and tune dashboards, reports, and alerts to support incident response operations and compliance requirements.
· Monitor Splunk license consumption and system capacity; make recommendations for scaling and optimization.
· Troubleshoot Splunk forwarders, search head, and indexer issues to maintain operational continuity.
· Implement KV stores, lookups, and data model acceleration to improve search and reporting performance.
· Support security use case development in Splunk ES for security incident response analysts.
· Assist end users with queries, dashboards, and reporting needs, providing mentorship in SPL and best practices.
· Maintain documentation, including SOPs, technical designs, and architecture references.
· Monitor Splunk infrastructure health and contribute to proactive capacity planning.
· Participate in team meetings, planning sessions, and technical reviews.
Qualifications
Requirements
· Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related technical discipline; OR 7+ years of equivalent IT experience.
· 3+ years of hands-on Splunk administration experience in enterprise environments.
· Current or recent Splunk Certified Administrator certification preferred.
· Strong Linux command line experience; familiarity with Windows and Unix system administration.
· Demonstrated experience with Splunk ES, CIM, and advanced search/reporting commands.
· Knowledge of log ingestion methods, normalization, and baselining techniques.
· Experience with regular expressions (regex) for field extractions and data parsing.
· Familiarity with security technologies such as endpoint protection, IDS/IPS, firewalls, and vulnerability management.
· Strong troubleshooting skills across distributed IT infrastructures.
· Excellent written and verbal communication skills, with the ability to document technical processes and collaborate across teams.
Preferred Qualifications
· Experience in a Security Operations Center (SOC) environment.
· Experience with data modeling, use case development, and alert tuning.
· Familiarity with NIST and federal cybersecurity frameworks (e.g., FISMA, OMB, FedRAMP).
· Security certifications such as Security+, CISSP, or GSEC.
· Experience with other SIEM tools (e.g., ELK, Azure Sentinel).
Clearance Requirement
All candidates must be eligible to obtain and maintain a U.S. Public Trust clearance.
**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**
Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
Apply on company website
Find Connections via Linkedin
