About the Role: The Systems Administrator will support a federal agency’s SIEM / Cyber Data Lake implementation of Splunk. The Systems Administrator will control all role-based access controls (RBAC), following established procedures to add and remove users to established roles and security groups. The Systems Administrator will also recommend and implement all system patching and upgrades required to support the Cyber Data Lake coordinating with other agency organizations and following Department Configuration Management processes.
Role Description:
- Manage Role Based Access Control (RBAC) for all system users.
- Lead system updates and patches for Cyber Data Lake system components. Manage and maintain the Cyber Defense Infrastructure System (CDIS) components to include installation, configuration, adherence to configuration compliance requirements, patching and maintenance, system tuning, and documentation updates.
- Monitor system (sometimes after hours) to provide technical support for customer system integrations.
- Provide monthly user system use reports (e.g., user queries, searches, etc.) to support compliance and internal review.
- Provide extensive data logs, sourced from various components within the agency, to support cyber investigations.
- Support Splunk Alert creation and monitoring.
- Provide user-level external access to the other agencies upon request.
- Develop, update, recommend, incorporate, and maintain enhancements to user, administration, and operations documentation, including but not limited to standard operating procedures (SOPs), job aids, application checklists, guidance documents, and templates.
- To address service-impacting issues, during non-core operational support hours, the Contractor must provide standby, on-call, US-based technical support to triage ingestion issues. The Department estimates actual off-business-hour events to be rare (less than 1 per month).
- Report critical events within one hour of discovery. Contractor personnel must work with agency personnel and other Contractor teams to quickly respond to and resolve all incidents.
- Provide FOIA and eDiscovery search and documentation assistance.
Required Qualifications & Education:
- 5+ years of related experience required
- Bachelor’s degree in Computer Science, Information Systems, Mathematics, Engineering, or related degree or an additional two (2) years of relevant experience.
- Experience administering a Splunk environment (Heavy Forwarders, Syslog Servers, Deployment Servers).
- Experience implementing Role Based Access Controls and integrating Active Directory security groups for system access controls.
- Strong background in leading system updates and applying security patches for critical infrastructure. For instance, overseeing the regular patching cycles for a Cyber Data Lake environment to mitigate vulnerabilities.
- Proven ability to install, configure, and maintain Cyber Defense Infrastructure System components. This includes ensuring compliance with configuration standards and performing system tuning for optimal performance.
- Ability to monitor systems and provide technical support, including after-hours, for seamless customer system integrations. For example, troubleshooting integration issues during off-peak hours to maintain system uptime.
- Experience generating detailed user system usage reports to support compliance audits and internal reviews. This includes creating monthly reports on user queries and searches to ensure regulatory adherence.
- Skilled in maintaining and providing comprehensive data logs from various system components to support cyber investigations. For example, extracting and analyzing log data to assist in forensic investigations.
- Experience granting and managing user-level access to external agencies as needed, ensuring secure and efficient collaboration. For instance, setting up and managing secure access for partner agencies during a data sharing initiative.
- Ability to create, update, and maintain comprehensive documentation, including Standard Operating Procedures (SOPs), job aids, and operational guidelines. For example, developing a detailed SOP for system administrators on incident response protocols.
- Capability to report and respond to critical events within strict timelines, collaborating with various teams to resolve incidents quickly. This includes providing support for FOIA (Freedom of Information Act) and eDiscovery requests by conducting thorough searches and preparing necessary documentation.
Desired Qualifications: N/A
Clearance and Location Requirements: 100% Remote (Greater DC/Baltimore Area Preferred). Must successfully qualify for a Public Trust Clearance.
About NR Labs
At NR Labs, our passion is to solve the hard problems that keep security leaders up at night in a way that caters to their unique technical, financial, political, and business posture. Our company empowers every organization to achieve its cyber potential. NR Labs focuses on cybersecurity for public and private sector clients and is dedicated to solving their most complex cyber challenges. If you are curious about learning more about NR Labs, please visit our website at nrlabs.com.