Senior Principal Splunk Administrator

General Dynamics Mission Systems, Inc

  • Enterprise, ON
  • Permanent
  • Temps-plein
  • Il y a 1 mois
Basic Qualifications :Bachelor's degree in a related specialized area or equivalent is required plus a minimum of 10 years of relevant experience; or Master's degree plus a minimum of 8 years of relevant experience.Due to the nature of work performed within our facilities, U.S. citizenship is required. Responsibilities for this Position:General Dynamics Mission Systems (GDMS) Information Technology Cyber Security (ITCS) has an immediate need for a Sr Principal Splunk Administrator (Sr Princ IT Security Spec) with specific experience administering Splunk Enterprise on-prem and cloud environments, as well as network and endpoint security tools. This position will work for and support the GDMS Security Operations Center (SOC) in defending GDMS interests by administering a cadre of Cyber security products to effectively detect and respond to malicious actions taken against our enterprise. The primary role for this position will be as subject matter expert for our Splunk Cloud environment. This position will work closely with members of applicable Information Technology teams to maintain event logging availability for support of daily monitoring and analysis requirements.Key Responsibilities
  • Work in tandem with our Splunk engineers to ensure we are meeting enterprise logging requirements.
  • Ensure Splunk on-prem components are kept in line with the latest Splunk release candidates.
  • Work to ensure our Splunk components are patched and hardened per corporate security guidelines.
  • Be intimately familiar with configuration, deployment, and troubleshooting of Splunk components both on-prem and in the cloud; search heads, indexers, universal forwarders, heavy forwarders.
  • Be considered an advanced Splunk Query Language user.
  • Be able to install, deploy, and troubleshoot Splunk Apps in a multi-site clustered and distributed deployment.
  • Be able to scale, upgrade, and troubleshoot a multi-site clustered and distributed Splunk deployment.
  • Understanding knowledge of log aggregation and correlation of events.
  • Develop dashboards with visual metrics for needed stakeholders.
  • Ability and knowledge to maintain and preserve data integrity.
  • Standardize and implement agnostic SIEM tools for deployment, configuration and maintenance across backend systems: Linux, Windows, etc.
  • Work with IT and Cyber team members across different lines of service to understand business needs for generating reports.
  • Maintain, operate, tune, upgrade/patch, and monitor all LAA security related tools and products.
  • Knowledge to integrate logs and events across multiple datasets, applications, network devices and operating systems.
  • Provide technical advice on the product, deployment, functionality and its capabilities.
  • Communicate to the needed stakeholders any new or deprecated features that may impact the business.
  • Check for health alerts issues on needed systems and proceed to address then accordingly.
  • Communicate with needed stakeholders or open case with toolset vendor(s) to investigate the root cause of issues.
  • Familiarization with change manangement processes to ensure upgrades and patches are conducted in a way that is communicated accordingly.
  • Ensure logging is kept up to par with program and customer needs.
  • Attend weekly SE meeting and provide operational status updates on SIEM/Logging capabilities.
Knowledge Skills and Abilities
  • Splunk Cloud certified admin preferred.
  • Understanding and experience administering typical host and network-based security tools.
  • Advanced knowledge of backend operating systems to implement, maintain, configure, and remediate issues (UNIX/Linux/Windows)
  • Knowledge of operating systems and networking.
  • Understanding of SIEM & logging fundamentals.
  • Understanding of SOC Monitor and Response fundamentals.
  • Experience in any type of SIEM – Splunk, ArcSight, Log Rhythm, etc.
  • Understanding of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
  • Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix.
  • Knowledge of applications, databases, middleware to address security threats against the same.
  • Proficient in preparation of reports, dashboards, and documentation.
  • Excellent communication and leadership skills.
  • Ability to handle high pressure situations with key stakeholders.
  • Good Analytical skills, problem solving and Interpersonal skills.
  • Working knowledge and experience with MS office with proficiency in Excel.
Salary Note: This estimate represents the typical salary range for this position based on experience and other factors (geographic location, etc.). Actual pay may vary. This job posting will remain open until the position is filled. Combined Salary Range: USD $145,600.00 - USD $157,600.00 /Yr. Company Overview:At General Dynamics Mission Systems, we rise to the challenge each day to ensure the safety of those that lead, serve, and protect the world we live in. We do this by making the world’s most advanced defense platforms even smarter. Our engineers redefine what’s possible and our manufacturing team brings it to life, building the brains behind the brawn on submarines, ships, combat vehicles, aircraft, satellites, and other advanced systems.We pride ourselves in being a great place to work with this shared sense of purpose, committed to a diverse and exciting employee experience that drives innovation and creates a community where all feel welcome and a part of something amazing.We offer highly competitive benefits and a flexible work environment where contributions are recognized and rewarded. To see more about our benefits, visitGeneral Dynamics is an Equal Opportunity/Affirmative Action Employer that is committed to hiring a diverse and talented workforce. EOE/Disability/Veteran

General Dynamics Mission Systems, Inc