Splunk Administrator

  • SAIC Corporation
  • Washington, DC, USA
  • Nov 19, 2020
Full time Information Technology Telecommunications

Job Description


SAIC is seeking a Splunk Administrator to support our PBGC customer in Washington, D.C. This position is a member of a team that supports the Pension Benefit Guaranty Corporation (PBGC), an independent agency of the United States government. The team operates within the agency's Information Technology Infrastructure Operations Department (ITIOD). The role is part of the Security Operations team supporting the PBGC ITIOD. The successful candidate will perform Splunk platform administration and related tasks, reporting to the Security Operations Manager.

  • Architect, design, support, and maintain Splunk infrastructure for a highly available and disaster recovery configuration.
  • Support and maintain the complete logging infrastructure including, but not limited to, log storage, syslog and Windows Event Collector servers, and database connections.
  • Administer Splunk Enterprise Security.
  • Troubleshoot Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues.
  • Create and manage Splunk knowledge objects (field extractions, macros, event types, etc.).
  • Onboard new data sources into Splunk, analyze the data for anomalies and trends, and build dashboards highlighting key trends.
  • Perform data mining and analysis, utilizing various queries and reporting methods.
  • Implement KV stores, lookups, and data model acceleration to optimize search performance and reporting.
  • Build and integrate contextual data into notable events.
  • Interact with end users to gather requirements.
  • Perform routine health checks, maintenance tasks, update, upgrade, and implement new capability.
  • Monitor the agent and server infrastructure for capacity planning and optimization.
  • Develop security use cases within Splunk Enterprise Security for SOC consumption.
  • Mentor users and other groups on their use of Splunk.
  • Develop, execute, and improve work instructions, architecture diagrams and other technical documentation related to Splunk update, upgrade, and health check.
  • Monitor license consumption and make recommendations based on trends in license usage.
  • Effectively and accurately document work in various formats including work instructions, change management requests, incident tickets, and email.
  • Improve efficiency through process improvement and automation.
  • The individual must have hands-on technical knowledge of some of the following: SIEM, networking, Linux administration, Windows administration, scripting, and automation.
  • The individual must be able to communicate effectively, both verbally and in writing, with a minimum of supervision. Must be able to use Word, PowerPoint, and SharePoint effectively.

This position is temporarily remote due to Covid-19.



  • Expertise with Linux and command-line interface.
  • Intermediate level understanding of Solaris, Linux, and Windows operating systems and Oracle/MSSQL databases.
  • Experience deploying apps within Splunk and administrating the Splunk platform.
  • Experience with data normalization and data modeling within the Splunk environment.
  • Experience in creating and managing Splunk DB Connect identities, database connections, database inputs, outputs, lookups, and access controls.
  • Experience with the development of documentation, architecture diagrams, and process and procedures for end users.
  • Experience with Regular Expressions (regex).
  • Knowledge of Splunk architecture and best practices.
  • Knowledge of advanced search and reporting commands.
  • Knowledge of network technology and common internet protocols.
  • Understanding of system log files and other structured and non-structured data.
  • Understanding of methods of collection, logging, Windows filtering, and tuning/baselining data.
  • Bachelor's degree plus seven (7) years of related information security experience, or ten (10) years of IT work experience.
  • Five (5) years of experience in administering Splunk.
  • Three (3) years of experience in administering operating systems (Windows and Linux).
  • Two (2) years of experience in scripting and automation.
  • Three (3) years of experience developing, executing, and improving work instructions and other technical documentation related to Splunk Administration.
  • Current Splunk User and Power User certification required.
  • Current Splunk Certified Administrator required; Splunk Architect highly preferred.

SECURITY CLEARANCE: All candidates for consideration must be eligible to obtain a US Public Trust Clearance.


SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.