SIEM Administrator Support

SIEM Administrator Support

ASE is looking for a SIEM Administrator Support to work in Camp H M Smith, HI. The SIEM Administrator is responsible for managing, maintaining, and optimizing the USINDOPACOM enterprise Security Information and Event Management (SIEM) platform, specifically utilizing Splunk Enterprise (SE) and Splunk Enterprise Security (ES).

Responsibilities

This role ensures continuous visibility into cybersecurity events, supports defensive cyber operations, and enforces DoD and USINDOPACOM cybersecurity compliance requirements. The SIEM Administrator is also responsible for developing SIEM content, conducting security analytics, supporting incident response, and ensuring secure configuration and posture of all SIEM components.

• Serve as the primary Splunk platform administrator, designing, implementing, administering, and maintaining Splunk Enterprise and Splunk Enterprise Security (ES) deployments including configurations, indexes, apps, knowledge objects, data inputs, and security content while ensuring optimal performance, availability, and smooth installation of updates and patches.
• Monitor and maintain overall SIEM system health and security posture by tracking performance and capacity, conducting STIG and PKI compliance activities, reviewing and validating ACAS scan results, auditing security practices to prevent incidents, and proactively identifying system shortfalls, discrepancies, and opportunities for improvement or automation.
• Develop and enhance security monitoring capabilities through the creation of dashboards, alerts, reports, correlation logic, and new data inputs; partner with system administrators and developers to expand visibility, troubleshoot issues, and build workflows for CND-related assets and ServiceNow-integrated processes.
• Maintain operational readiness and documentation by managing configuration baselines, recording all changes, evaluating daily ServiceNow tickets, ensuring continuous compliance with DoD/USINDOPACOM requirements, and supporting after-hours or weekend activities for scheduled or unscheduled outages.

Qualifications

• IAW DoD 8140.03-M, must meet the Intermediate Proficiency Level qualifications.
• Must have at least four years of system, network administration or developer experience and two years of Splunk administration.
• Must have Splunk Enterprise Certified Admin credential.
• Must have experience administering Linux servers
• Must have experience with SIEM Content Development.
• Demonstrated experience of strong analytical and problem-solving skills.
• An active secret clearance is required.

Desired Qualifications:

• Prefer Red Hat Linux administrator certification (RHCSA/RHCE).
• Prefer experience with Splunk Enterprise Security.
• Prefer experience in a virtualized environment (VMware, etc).
• Prefer one or more relevant CND certifications: CISSP, CASP, OSCP, CySA+, CEH, or GCIH.