Illinois Attorney General Logo

Office of the
Illinois Attorney General
Kwame Raoul

Job ID: 22-E-34

POSITION CLASSIFICATION:    Splunk Administrator
BUREAU SERVED:       Information Security
LOCATION:           Chicago
SALARY:            Commensurate with experience

SUMMARY OF DUTIES AND RESPONSIBILITIES:

Under the direction of the Chief Information Security Officer, the Splunk Administrator will play a key role in protecting OAG computer and networking systems from potential cyber-attacks. The Splunk Administrator will be responsible for managing, designing, planning, and deploying sophisticated security and environment monitoring capabilities. The Splunk Administrator will lead the installation, provisioning, configuration, operation, maintenance, and troubleshooting for all Splunk applications and hardware. The Splunk Administrator will collaborate with and mentor the compliance, engineering, and operations teams in the identification and addition of new data feeds and systems for monitoring to the Splunk platform.

MINIMUM QUALIFICATIONS:

This position requires a bachelor’s degree in Information Security or a related field and a minimum of 3 years of in-depth Splunk Administration experience, or an equivalent combination of training and experience. At least one certification such as Splunk Enterprise Certified Administrator, Splunk Enterprise Certified Architect, Splunk Enterprise Security Certified Administrator, or Splunk Cloud Certified Administrator is required. Experience with other security products, including IPS/IDS, AV, Anti-Malware, User Behavior Analytics, DLP, MFA, Network Proxies, Sensitive Data Scanning, and Content Filtering, is preferred.

Expert-level understanding and usage of SPL, Regex, and other development tools in creating security-focused searches, dashboards, threat detection logic, event alerts, and reports in Splunk is required. Extensive experience in onboarding data sources from various IT infrastructure components such as servers, firewalls, routers, on-prem and cloud-hosted services, and applications is also required. Experience with data normalization and data modeling within the Splunk environment and maintaining complete logging infrastructure including, but not limited to, log storage, syslog, and Windows Event Forwarding (WEF) is desired. Ability to effectively coordinate, prioritize, and collaborate, along with outstanding written and verbal communication skills. Attendance and the ability to maintain satisfactory working relationships with OAG employees and the general public are required.

HOURS OF WORK:    9:00 a.m. - 5:00 p.m. (Monday - Friday)

APPLICATION PROCEDURE:

Send resume and cover letter to:

Office of the Illinois Attorney General
Attn: Human Resources
115 S. LaSalle St.
Chicago, IL 60603
or
humanresources@ilag.gov

An Equal Opportunity Employer