Job Description
Tulzi Technologies is seeking a Splunk Architect to provide design, deployment, and configuration of Splunk in both on-premises and cloud environments.
SPLUNK ARCHITECT
Location: Annapolis Junction or Joint Base Andrews
Security Clearance: TS with SCI eligibility or TS/SCI
Job responsibilities/duties:
The Splunk Architect/Engineer SME will have the following responsibilities:
· Provide Splunk support for design, architecture, development, unit test, deployment, installation, configuration, integration, operation, and maintenance
· Experience in the design and upgrade of Splunk in the cloud and on-premise environments to include architecting search head, indexer, universal forwarder, and heavy forwarder instances needed to service the expanding enterprise demand expected on the Splunk System as cross organizational use cases emerge
· Drive complex security focused Splunk deployments, including architecting, implementing, and integrating with a current or planned customer security and monitoring strategy to include advanced products like Enterprise Security.
· Build Splunk dashboards that take inputs from various data sources such as application logs, operating system logs, middleware logs, network feeds, etc
· Utilize Splunk to develop data requirements, data catalog(s), data descriptions, data sources, and data formatting to ensure that security controls can be measured and managed across on-premises and cloud IT services
· Turn data into action with intelligent analytics and clear insights. Define raw input requirements to support data models as well as final outputs required to ensure Department personnel can assess the security status of computing systems and produce readable, understandable summary reporting
· Expertise in Lookup Tables, CSV, and Summary Indexes.
· Inventory and assess data sources and inputs and ensure this data is prioritized and properly formatted for Splunk ingest and report generation.
· Build Splunk dashboards that take inputs from vendor tools such as Tenable, Trellix, Cisco, Microsoft, etc.
Requirements:
· Bachelor's degree in Computer Science, Information Technology, or related field. Equivalent four years of work experience can substitute for a degree.
· Proven experience in a Splunk Architect role.
· Strong understanding of Splunk architecture, components, and deployment options.
· Proficiency in Splunk Search Processing Language (SPL) for creating complex search queries and reports.
· Experience with Splunk data ingestion methods, including forwarders, Event Collector (HEC), and scripted inputs.
· Five years of experience with planning, designing, deploying, and configuring Splunk in cloud, virtual, and physical environments.
· Solid understanding of IT infrastructure, including networking, operating systems, and security principles.
· Excellent problem-solving skills and attention to detail.
· Strong communication and collaboration abilities.
Desired Skills:
· Experience with installing Enterprise Security, SOAR, and Qmulos.
· Familiarity with Syslog servers
· System administrator
· Network administrator
· Experience with Linux and Windows.
Clearance:
• Top Secret with SCI eligibility. TS/SCI preferred.
Certifications:
· Splunk Architect certification is required.
· At least Security + and other 8140 requirements. Willing to obtain a IA TLevel lll certification within three to four months.
Job Tags
Work experience placement, Remote job,