Splunk Administrator

Summit Technologies LLC

Washington (District of Columbia)

Hybrid

USD 90,000 - 120,000

Full time

Today

Job summary

A technology solutions provider is seeking a Splunk Administrator for a hybrid position in Washington, DC. The ideal candidate will have over 3 years of experience in Splunk administration, strong Linux command line skills, and the ability to manage log ingestion pipelines. Responsibilities include monitoring system performance and ensuring stability, as well as assisting users with queries and reporting. Candidates must be eligible for a Public Trust clearance.

Qualifications

  • 3+ years of hands-on Splunk administration in enterprise environments.
  • Experience with log ingestion and normalization techniques.
  • Familiarity with IDS/IPS and cybersecurity frameworks.

Responsibilities

  • Administer Splunk Enterprise ensuring performance and stability.
  • Manage log ingestion pipelines.
  • Onboard and validate new data sources.

Skills

Splunk administration
Linux command line
Troubleshooting skills
Interpersonal communication

Education

Bachelor’s degree in Cybersecurity or related discipline

Tools

Splunk ES
Regular expressions
Job description
Overview

Splunk Administrator, Summit Technologies LLC

Hybrid position – work 3 days per week onsite in Washington, DC. Must be eligible for a Public Trust clearance.

Responsibilities
  • Administer Splunk Enterprise and Splunk ES, ensuring availability, performance, and stability.
  • Manage log ingestion pipelines (syslog servers, Windows Event Collectors, application connectors).
  • Onboard and normalize new data sources, validate data quality, and map to the Common Information Model (CIM).
  • Create, maintain, and optimize Splunk knowledge objects (field extractions, lookups, macros, event types, tags).
  • Develop and tune dashboards, reports, and alerts to support incident response operations and compliance requirements.
  • Monitor license consumption and system capacity; recommend scaling and optimization.
  • Troubleshoot forwarders, search head, and indexer issues to maintain operational continuity.
  • Implement KV stores, lookups, and data model acceleration for improved performance.
  • Support security use case development in Splunk ES for analysts.
  • Assist end users with queries, dashboards, and reporting; mentor in SPL and best practices.
  • Maintain documentation (SOPs, technical designs, architecture references).
  • Contribute to proactive capacity planning and infrastructure health monitoring.
Required Skills and Experience
  • 3+ years of hands‑on Splunk administration in enterprise environments.
  • Strong Linux command line experience; familiarity with Windows and Unix system administration.
  • Experience with Splunk ES, CIM, advanced search/reporting commands.
  • Knowledge of log ingestion methods, normalization, and baselining techniques.
  • Experience with regular expressions for field extractions and data parsing.
  • Familiarity with endpoint protection, IDS/IPS, firewalls, and vulnerability management.
  • Strong troubleshooting skills across distributed IT infrastructures.
  • Excellent interpersonal and communication skills (verbal and written).
Desired Skills
  • Experience in a Security Operations Center (SOC) environment.
  • Experience with data modeling, use case development, and alert tuning.
  • Familiarity with NIST and federal cybersecurity frameworks (FISMA, OMB, FedRAMP).
  • Experience with other SIEM tools (ELK, Azure Sentinel).
  • Splunk Certified Administrator certification preferred.
Education
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related discipline; OR 7+ years of relevant IT experience.
Clearance Requirement

Must be eligible for a Public Trust.

Application

Send an updated resume (include employment dates in MM/YYYY format), best interview dates and times (plus contact phone), and availability to start once an offer is made to psaerekm3qqs9tpwmghcup5fsw@crelate.net with job number 6863 in the subject line.

We are an equal‑opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status.
