Senior Splunk Engineer

Arlington, Virginia

KamisPro
  • This is a hybrid position, 2-3 days onsite in Arlington, VA.
  • TS/SCI clearance required. TS/SCI Poly preferred.
  • Splunk Certified Administrator required, Certified Architect preferred.

Our client is seeking a Senior Splunk Engineer to support a premier analytics platform. This engineer will join a high-performing cloud and cybersecurity team, directly supporting critical initiatives to modernize and secure the enterprise's analytics capabilities. You will play a pivotal role in moving Splunk from the AWS cloud platform to CI/CD pipelines. You will also enhance Splunk deployments, optimize data ingestion, and ensure seamless performance through infrastructure automation, security best practices, and continuous integration.


Responsibilities:

  • Architect, deploy, and manage enterprise-level Splunk environments in alignment with CI/CD best practices.
  • Design and implement Splunk infrastructure using Terraform, Ansible, and GitLab to support automated, scalable deployments.
  • Lead version upgrades across clustered Splunk environments; manage Indexers, Search Heads, and Universal Forwarders.
  • Ingest and normalize diverse data sources (Syslog, HEC, APIs, log monitoring) and optimize for performance and license usage.
  • Develop documentation, user guides, and internal SOPs for streamlined knowledge transfer across engineering teams.
  • Create dashboards, reports, alerts, and custom visualizations to support mission operations.
  • Support SSL configuration, STIG compliance, and RHEL patching for secure deployments.
  • Collaborate with DevOps, Cloud, and Security teams to troubleshoot issues and implement security analytics using Splunk ES and UBA.
  • Interface with end users, government stakeholders, and analysts to improve Splunk adoption and performance across the platform.

Qualifications:

  • 3+ years of hands-on experience with Splunk Enterprise deployments, upgrades, and data onboarding.
  • Experience administering Linux (RHEL/CentOS) and Windows systems.
  • Experience with infrastructure-as-code tools like Terraform and Ansible.
  • Proficiency with scripting languages such as Python or Bash.
  • Strong understanding of Splunk configuration files (inputs.conf, props.conf, transforms.conf).
  • Experience managing clustered environments across bare metal and VM infrastructures.
  • Familiarity with AWS and cloud-native technologies is a plus.
  • Splunk Certified Administrator required; Splunk Certified Architect (preferred or in-progress).
  • CompTIA Security+ (DoD 8570 IAT II compliant).
  • Excellent verbal and written communication skills, and ability to collaborate in agile team environments.

Preferred:

  • Experience with Splunk Enterprise Security (ES), User Behavior Analytics (UBA), and automation pipelines.
  • Knowledge of Docker, Kubernetes, or Ansible in DevSecOps pipelines.
  • Familiarity with compliance frameworks, endpoint tools (Tanium, Palo Alto), and vulnerability management.

Date Posted: 06 June 2025