Splunk Enterprise

Washington, Washington DC

Quzara LLC
Job Title: Splunk Enterprise - Security Engineer

Pay Type: SALARIED EXEMPT

Location: Hybrid, Washington, DC (Must Work East Coast Hours, United States)

Clearance: Active TS/SCI or Secret Clearance (Required)

Citizenship: U.S. Citizenship (Required)

Summary of Position Role/Responsibilities

Quzara is seeking a Splunk Enterprise Security Engineer to architect, deploy, and optimize Splunk Cloud and Enterprise Security (ES) environments for federal clients. This role focuses on engineering scalable, high-performance Splunk solutions to support threat detection, incident response, and compliance with federal standards such as NIST 800-53, CMMC, and M-2131. The ideal candidate is a technical expert with 5-10 years of Splunk engineering experience, proficient in system design, automation, and data pipeline development, and holds an active TS/SCI or Secret clearance.

Essential Functions of the Job
  • System Architecture: Design and implement Splunk Cloud and Enterprise Security (ES) architectures tailored for federal environments, ensuring scalability, high availability, and low-latency threat detection in cloud and hybrid setups.
  • Data Pipeline Engineering: Develop secure data ingestion pipelines, integrating federal data sources (e.g., Syslog, APIs, cloud-native logs, Kafka) with custom parsers and data normalization to meet stringent compliance requirements.
  • Automation and Orchestration: Engineer Splunk SOAR playbooks using Python or Bash to automate incident response workflows, integrating with federal security tools (e.g., SIEM, EDR) for rapid threat mitigation.
  • Search and Analytics Optimization: Write and optimize complex SPL (Search Processing Language) queries, data models, and accelerators to support real-time analytics and efficient search performance for federal SOCs.
  • Dashboard and Visualization Engineering: Create high-performance, custom Splunk dashboards and visualizations, leveraging advanced data models to deliver actionable insights for federal stakeholders.
  • Cloud Migration: Lead migrations from on-premises Splunk to Splunk Cloud, ensuring compliance with federal security standards, data integrity, and minimal downtime.
  • Performance Tuning: Monitor and optimize Splunk deployments, tuning indexers, search heads, and forwarders for large-scale, high-throughput federal environments.
  • Security and Compliance: Engineer Splunk solutions to align with federal mandates (e.g., NIST 800-53, CMMC, M-2131, FISMA), implementing security controls and audit-ready logging for continuous monitoring.
  • Integration and APIs: Develop secure integrations between Splunk and federal systems using REST APIs, SDKs, and custom apps to enhance security operations.
  • Technical Documentation: Produce detailed architecture diagrams, runbooks, and compliance reports to support federal Splunk deployments and audits.
Marginal Functions of the Job
  • Other duties as assigned
Normal Work Schedule

This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.

Education, Training, and Experience
  • Experience: 5-10 years of hands-on Splunk engineering experience, with expertise in Splunk Cloud, Enterprise Security (ES), and large-scale deployments in federal environments.
  • Education: Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or a related field. Master's degree preferred.
  • Clearance: Active TS/SCI or Secret clearance required.
  • Citizenship: Must be a U.S. citizen.
  • Certifications (preferred):
    • Splunk Enterprise Certified Architect or Splunk Enterprise Certified Administrator
    • Security certifications (e.g., CISSP, CISM, CISA, Security+)
    • Agile project management certification or training
  • Technical Skills:
    • Expertise in designing and administering Splunk environments (Splunk Enterprise, Splunk Cloud, Splunk o11y) for federal use cases.
    • Proficiency in large-scale Splunk deployments and secure log ingestion architecture.
    • Strong scripting skills in Python or Bash for automation and integration.
    • Experience with federal cloud platforms (e.g., AWS GovCloud, Azure Government) and container orchestration (e.g., Kubernetes, Docker).
    • In-depth knowledge of federal compliance frameworks (NIST 800-53, CMMC, M-2131, FISMA) and security frameworks (e.g., NIST Cybersecurity Framework).
    • Familiarity with automation/orchestration tools (e.g., Ansible, Terraform).
  • Soft Skills:
    • Strong problem-solving and analytical skills, with a focus on engineering secure solutions.
    • Excellent communication skills to collaborate with federal technical teams and articulate complex concepts.
    • Ability to work independently and manage multiple priorities in a high-stakes, fast-paced environment.
Preferred Qualifications
  • Experience with Splunk ITSI or Splunk UBA in federal settings.
  • Background in federal SOC or large-scale government SaaS environments.
  • Knowledge of DevSecOps practices and integration with Splunk in federal ecosystems.
  • Experience with Zero Trust architecture implementation.
EEO Statement

The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.

Date Posted: 19 May 2025