Returning Candidate? Log back in! Splunk Administrator - Mid Location US-OH-Columbus ID 2025-07-2460 Category Information Technology Position Type Full-Time Location Detail On-Site Company Overview At ValidaTek, we modernize and optimize IT services to solve some of the most critical challenges facing federal civilian and defense agencies. From customers to partners to top-talent employees, ValidaTek puts people first, empowering them to exceed expectations and transform government organizations. Our success starts and ends with our people, so we built a company where great people can do great things, with the resources and autonomy to make decisions that transform organizations. We operate as one team of diverse people, united by a passion for continuous growth and optimization. Our commitment to quality and performance optimization is the reason why our IT Service Projects and New Development Projects have been appraised at CMMI Maturity Level 5, positioning us as one of a handful of elite companies to receive the highest form of third-party validation. www.validatek.com Summary

SHIFT TIME: Monday - Friday 0600-1430

 

We are seeking a skilled Mid-Level Splunk Administrator to support a mission-critical DISA (Defense Information Systems Agency) program. The selected candidate will play a key role in maintaining and enhancing the operational integrity of the Splunk platform, enabling real-time security monitoring, operational visibility, and advanced analytics. This role requires expertise in system administration, data onboarding, and Splunk search optimization, with an emphasis on DISA and DoD security compliance.

Responsibilities Splunk Administration & Operations:

Manage and maintain Splunk infrastructure, including indexers, forwarders, search heads, and deployment servers.

Perform installation, configuration, and upgrading of Splunk Enterprise components in accordance with DISA guidelines.

Monitor Splunk system health, performance, and availability, ensuring optimal ingestion and query efficiency.

Administer role-based access controls (RBAC) and manage Splunk authentication integration (LDAP, CAC, PKI, etc.).

Data Onboarding & Optimization:

Develop and maintain data inputs, sourcetypes, field extractions, and parsing for accurate log ingestion from a variety of DISA-managed systems.

Work with log owners and data providers to ensure the reliable delivery of log data via forwarders or APIs.

Tune and optimize Splunk queries, dashboards, and reports for performance and clarity.

Security & Compliance Support:

Ensure Splunk data ingestion, storage, and operations are compliant with DoD cybersecurity regulations, including DISA STIGs, RMF, and DoD auditing requirements.

Assist cybersecurity teams in real-time incident detection and response activities using Splunk data and dashboards.

Maintain data retention policies and support log management for audits and compliance checks.

Collaboration & Support:

Work closely with security, operations, and engineering teams to develop and deploy new Splunk use cases.

Provide user support and training to DISA stakeholders on Splunk search, dashboard development, and best practices.

Participate in change management, documentation updates, and knowledge sharing within the team.

Qualifications

3+ years of experience administering Splunk in an enterprise or DoD environment.

Active DoD Secret clearance with eligibility for a Top Secret clearance.

Proven experience with Splunk Enterprise administration, including search head clustering and indexer clustering.

Strong understanding of Splunk data models, CIM compliance, and field extractions (regex, Splunk props/transforms).

Experience onboarding data from security tools, network appliances, and infrastructure systems.

Familiarity with Linux/Unix systems administration and shell scripting.

Knowledge of DoD cybersecurity requirements (e.g., STIGs, RMF, NIST 800-53 controls).

Experience supporting tickets and change requests through ITSM platforms (e.g., Remedy, ServiceNow).

Excellent analytical, problem-solving, and communication skills.

Preferred Qualifications:

Splunk Core Certified Power User or Splunk Certified Admin.

Experience with Splunk Enterprise Security (ES) or IT Service Intelligence (ITSI).

Familiarity with DISA-specific environments, Joint Regional Security Stacks (JRSS), or DoD cyber operations.

Experience with automation or orchestration tools (e.g., Ansible, Python, REST API integrations).

Understanding of Syslog, SNMP, JSON, XML, and other log transport/format standards.

Salary Disclosure Actual salary will be based on a variety of factors including but not limited to experience, geographic location, contract affordability, internal equity, education, and certifications.

The upper end of the salary range may be reserved for individuals who have demonstrated tenure with the company, seniority, and proven excellent performance. This includes factors such as education, certifications, and extensive/unique experience beyond what is required. EEO Statement ValidaTek is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, or disability status.

Applicants who are selected for employment will be required to verify authorization to work in the United States.

Offers of employment will be contingent upon passing a post-offer background check. Options ApplyApplyShareSubmit a ReferralRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed Connect With Us! Not ready to apply? Connect with us for general consideration. Application FAQs

Software Powered by iCIMS
www.icims.com