Responsibilities & Qualification

•Administer the Splunk based log management system and analyze the current logging capabilities;

•Ensure the Agency Information Security systems administered by the Team are sending all required logs to the log management system;

•Maintain the Log Management and Security Information and Event Management system to collect and aggregate IDS/IPS data from network sensors, raw data from collection agents, firewalls (including but not limited to Layer 7 Application Firewalls), proxy servers, DLP, antivirus/endpoint protection software, and vulnerability scanner elements;

•Tune the SIEM and IDS/Intrusion Prevention System (IPS) events to minimize false positives;

•Enroll NRC network and systems information into the SIEM tool, using information from the Vulnerability and Compliance;

•Scanning System (VCSS) and input from ISSOs, and perform asset categorization and privatization;

•Tune the capabilities as practicable to improve efficiency and ensure that reporting capabilities of the log management system are working properly;

•Validate that agency log retention requirements are configured properly within the agency’s log management system;

•Identify shortfalls in the current capability and identify systems that are not sending logs to the agency log management system;

•Recommend improvements to current processes;

•Provide technical guidance to administrators of other IT systems to ensure their logs are sent to the agency’s log management system;

•Configure agency’s log management system role-based access controls so that logs for specific systems can only be accessed by designated administrators.

•5 years of experience with Splunk;

•Minimum 10 years of relevant experience;

•Experience in architecture, design, support, maintenance, and expansion of an enterprise log management/SIEM infrastructure in a highly resilient configuration;

•Experience in monitoring an enterprise log management/SIEM server and agent infrastructure for capacity planning and system optimization;

•Experience in deployment, configuration, and maintenance of log forwarder agents across a variety of UNIX and Windows platforms;

•Experience in collaboration with a variety of IT stakeholders in design and maintenance of production-quality log management/SIEM reports and dashboards to support data analysis and visualization;

•Experience in creation and maintenance of documentation related to log management/SIEM infrastructure configuration and operational processes;

•Advanced system administration skills with Linux operating systems;

•Knowledge of regular expression, scripting, and application development languages (e.g., Python, Perl, JavaScript, Linux shell scripting);

•Must be able to successfully obtain a Public Trust;

•Telework (local to the DC, Maryland, Virginia area preferred).