- This is a hybrid position, 2-3 days onsite in Arlington, VA.
- TS/SCI clearance required. TS/SCI Poly preferred
- Splunk Certified Administrator required, Certified Architect preferred
Our client is seeking a Senior Splunk Engineer to support a premier analytics platform. This engineer will join a high-performing cloud and cybersecurity team, directly supporting critical initiatives to modernize and secure the enterprise's analytics capabilities. You will play a pivotal role in moving Splunk from AWS cloud platform to CI/CD pipelines. You will also be enhancing Splunk deployments, optimizing data ingestion, and ensuring seamless performance through infrastructure automation, security best practices, and continuous integration.
Responsibilities:
- Architect, deploy, and manage enterprise-level Splunk environments in alignment with CI/CD best practices.
- Design and implement Splunk infrastructure using Terraform, Ansible, and GitLab to support automated, scalable deployments.
- Lead version upgrades across clustered Splunk environments; manage Indexers, Search Heads, and Universal Forwarders.
- Ingest and normalize diverse data sources (Syslog, HEC, APIs, log monitoring) and optimize for performance and license usage.
- Develop documentation, user guides, and internal SOPs for streamlined knowledge transfer across engineering teams.
- Create dashboards, reports, alerts, and custom visualizations to support mission operations.
- Support SSL configuration, STIG compliance, and RHEL patching for secure deployments.
- Collaborate with DevOps, Cloud, and Security teams to troubleshoot issues and implement security analytics using Splunk ES and UBA.
- Interface with end users, government stakeholders, and analysts to improve Splunk adoption and performance across the platform.
Qualifications:
- 3+ years of hands-on experience with Splunk Enterprise deployments, upgrades, and data onboarding.
- Experience administering Linux (RHEL/CentOS) and Windows systems.
- Experience with infrastructure-as-code tools like Terraform and Ansible.
- Proficiency with scripting languages such as Python or Bash.
- Strong understanding of Splunk configuration files (inputs.conf, props.conf, transforms.conf).
- Experience managing clustered environments across bare metal and VM infrastructures.
- Familiarity with AWS and cloud-native technologies is a plus.
- Splunk Certified Administrator required; Splunk Certified Architect (preferred or in-progress).
- CompTIA Security+ (DoD 8570 IAT II compliant).
- Excellent verbal and written communication skills, and ability to collaborate in agile team environments.
Preferred:
- Experience with Splunk Enterprise Security (ES), User Behavior Analytics (UBA), and automation pipelines.
- Knowledge of Docker, Kubernetes, or Ansible in DevSecOps pipelines.
- Familiarity with compliance frameworks, endpoint tools (Tanium, Palo Alto), and vulnerability management.