* Demonstrated experience using Splunk Search Processing Language to assist customers in creating queries, setting alerts, identifying event conditions, and building dashboards
* Installing, configuring, and deploying Splunk infrastructure, to include search heads, indexers, forwarders, and other Splunk components
* Monitor and maintain Splunk performance, availability, and capacity.
* Test and deploy new versions of Splunk to all enterprise servers as they are made available by the relevant DHA organization
* Grow and improve the enterprise Splunk environment to a mature implementation by creating forwarder apps to ingest data
* Support large-scale deployments with data feeds from multiple locations worldwide
* Develop reliable, efficient, and re-usable queries that will feed custom alerts and dashboards
* Splunk account creation and role-based access control / permissioning
* Act as the Splunk liaison for Splunk technical questions, issues or escalations. This will include working with Splunk Support, Product Management or others as needed.
* Administration of the servers on which Splunk infrastructure is deployed is not a direct responsibility, but the successful candidate must be familiar enough with both Splunk and server administration to participate in server troubleshooting affecting Splunk performance.
- At least 8 years involved working directly with Splunk
- Experience with the Department of Defense or other federal agencies is preferred but not required.
- Hold an industry certification IAT III or IAM III
- The ability to obtain a clearance
- Secret Clearance
-Ability to start ASAP