OFFICE OF ATTORNEY GENERAL
POSITION CLASSIFICATION: Splunk Administrator
PERMANENT ASSIGNMENT: Deputy Chief of Staff, Administration
BUREAU SERVED: Information Security (IS)
SALARY RANGE: Commensurate with experience
SUMMARY OF DUTIES AND RESPONSIBILITIES:
Under the direction of the Chief Information Security Officer, the Splunk Administrator will play a key role in protecting OAG computer and networking systems from potential cyber-attacks. The Splunk Administrator will be responsible for managing, designing, planning, and deploying sophisticated security and environment monitoring capabilities. The Splunk Administrator will lead the installation, provisioning, configuration, operation, maintenance, and troubleshooting for all Splunk applications and hardware. The Splunk Administrator will collaborate with and mentor the compliance, engineering, and operations teams in the identification and addition of new data feeds and systems for monitoring to the Splunk platform.
This position requires a bachelor's degree in Information Security or a related field and a minimum of 3 years of in-depth Splunk Administration experience, or an equivalent combination of training and experience. At least one certification such as Splunk Enterprise Certified Administrator, Splunk Enterprise Certified Architect, Splunk Enterprise Security Certified Administrator, or Splunk Cloud Certified Administrator is required. Experience with other security products including: IPS/IDS, AV, Anti-Malware, User Behavior Analytics, DLP, MFA, Network Proxies, Sensitive Data Scanning, and Content Filtering is preferred.
Expert-level understanding and usage of SPL, Regex, and other development tools in creating security-focused searches, dashboards, threat detection logic, event alerts, and reports in Splunk is required. Extensive experience in onboarding data sources from various IT infrastructure components such as servers, firewalls, routers, on-prem and cloud hosted services, and applications is also required. Experience with data normalization and data modeling within the Splunk environment and maintaining complete logging infrastructure including, but not limited to, log storage, syslog, and Windows Event Forwarding (WEF) is desired. Ability to effectively coordinate, prioritize, and collaborate along with outstanding written and verbal communication skills. Attendance and the ability to maintain satisfactory working relationships with OAG employees and the general public are required.
Hours of Work: 9:00 a.m. - 5:00 p.m. (Monday - Friday)
Application Procedure: Send cover letter and resume to:
Office of the Attorney General
An Equal Opportunity Employer
The Illinois Attorney General's Office is an equal opportunity employer. The Office considers applicants without regard to race, color, religion, sex, national origin, sexual orientation, age, marital or veteran status, or the presence of a non-job-related medical condition or disability.