Cyber Security Splunk Administrator
Remote - South Carolina, United States
The Splunk Administrator is responsible for supporting the implementation, configuration, management, and maintenance of Splunk Cloud, Splunk Enterprise Security, and additional logging-related security platforms and functions. The Splunk Administrator will have demonstrable experience and expertise in managing a large Splunk Enterprise or Splunk Cloud environment. The Splunk Administrator is a technology- and process-focused security professional with an emphasis on information security, secure system implementation, and maintenance. The Splunk Administrator will review, assess, recommend, and implement technical controls to ensure the Splunk environment and related security platforms are well managed and resilient. The Splunk Administrator will also ensure that routine maintenance and configuration management are carried out consistently, and will assist the Splunk Team Lead as required.
What you'll do:
Management, upkeep, and expansion/design of a complex deployment.
Administer all aspects of Splunk event collection and forwarding.
Administer Splunk Cloud and Enterprise Security, including index, source type, field, and CIM compliance, ES (Enterprise Security) use cases, and SPL upkeep.
Configure and manage props and transforms for typical and proprietary data.
Implement Security and Business use-cases in the Splunk framework.
Manage syslog configurations and forwarding with syslog-ng or SC4S.
Create custom dashboards, reports, and alerts within Splunk.
Ability to create complex Splunk queries in SPL and XML for reports and dashboards.
Ability to troubleshoot and optimize SPL for large queries or data sets, with strong knowledge of the Splunk search pipeline.
Understanding and implementation of log data flows between source systems and Splunk components.
Ability to write applications that pull data from a source system for writing to Splunk (Python preferred).
Ability to create custom field extractions, TAs, and source types.
What you'll bring:
5+ years of direct administration experience with a Splunk Cloud, Splunk Enterprise, or Enterprise Security environment.
3+ years designing, engineering and securing complex infrastructure architectures.
1+ years working in a cyber security org or team (preferably Security Operations).
Cloud experience with getting data in (Lambda functions, Kinesis Firehose, or other push methodologies to get higher volumes of data into Splunk from cloud subscriptions).
Direct experience with development or deployment in the cloud (AWS, Azure, GCP)
Comfortable with tooling that demonstrates an automation mindset: Chef, Puppet, Ansible, CI/CD experience, and can provide examples.
Experience with Windows and Linux administration and bash, Python, or Ruby scripting.
Experience with implementing best practices regarding event collection and logging in cloud infrastructure and cloud services.
Experience in log management on different tiers of infrastructure and platform services.
Experience working with containerized and serverless computing platforms.
Experience in secrets management, encryption technologies, and key management.
Splunk Certified Administrator or Architect certification is preferred.
Regulatory compliance experience.
Blackbaud is a remote-first company which embraces a flexible remote work culture. Blackbaud supports hiring and career development for all roles from the location you are in today!
Blackbaud is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.
To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.
A notice to candidates: Recruitment Fraudulent Alert: Your personal information and online safety as a candidate mean a lot to us! At Blackbaud and our portfolio of companies, recruiters only direct candidates to apply through our official careers page at https://careers.blackbaud.com/us/en or our official LinkedIn page. Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers, or conduct interviews via Skype. Anyone suggesting otherwise is not a representative of Blackbaud. If you are unsure if a message is from Blackbaud, please email blackbaudrecruiting@blackbaud.com.
The starting base pay is $117,200.00 to $157,500.00. Blackbaud may pay more or less based on employee qualifications, market value, Company finances, and other operational considerations.
Benefits Include:
Medical, dental, and vision insurance
Remote-first workforce
401(k) program with employer match
Flexible paid time off
Generous Parental Leave
Volunteer for vacation
Opportunities to connect to build community and belonging
Pet insurance, legal and identity protection
Tuition reimbursement program