Description:
The Digital Modernization Sector is excited to announce a fantastic opportunity for a talented Splunk Systems Integration Specialist to join our team, supporting the Unified Cyber Situational Awareness (UCSA) Splunk environment. This position is pivotal in driving integration engineering activities within our projects. You will engage in concept exploration, systems integration, performance management, technology assessment, and the development of comprehensive integration plans. As a key member of our team, you will leverage your expertise in Splunk and its components, while supporting environments both in the AWS Cloud and on-site.
Primary Responsibilities:
- Develop and optimize intricate queries and searches in Splunk to generate valuable insights and support critical decision-making processes.
- Create custom dashboards and reports that meet contract objectives and enhance security monitoring and compliance efforts.
- Collaborate with cross-functional teams to understand their data needs, translating them into effective Splunk queries and reports.
- Analyze and troubleshoot Splunk queries to identify performance issues, implementing optimizations for faster execution.
- Design and implement robust data collection strategies, ensuring the accuracy and integrity of ingested data.
- Maintain a strong grasp of Splunk best practices, continually striving to improve query performance and reporting quality.
- Perform various integration activities, including concept exploration, systems integration, and technical documentation development.
- Design, implement, and maintain Splunk environments, which include forwarders, indexers, search heads, and deployment servers.
- Ensure optimal performance, security, and scalability during the installation and configuration of Splunk and its components.
- Harden the Splunk environment to meet security compliance standards and best practices.
- Monitor the health and performance of Splunk infrastructure, executing routine maintenance to ensure uninterrupted service.
- Troubleshoot any issues related to the Splunk infrastructure, including data ingestion problems and performance bottlenecks.
- Create and sustain comprehensive documentation for architecture, installation guides, and troubleshooting procedures.
- Work collaboratively with security, network, and system administration teams to ensure seamless Splunk integration within the IT infrastructure.
- Potentially assist with the testing of Internet Protocol version 6 (IPv6) implementations.
- Other duties as assigned, which may include touch labor and COOP support in Columbus, OH.
Qualifications:
- Bachelor's degree and 4+ years of relevant experience or a Master's degree with 2+ years of experience; additional years of experience may be accepted in lieu of a degree.
- 4+ years hands-on experience working with Splunk, with a strong emphasis on query development and reporting.
- Possess a DoD 8570 IAT Level II (or III) certification (e.g., Sec+ CE).
- Hold a DoD Secret clearance or higher.
- Proficient in Splunk Search Processing Language (SPL) and skilled in dashboard design.
- Adept at translating complex technical data into clear, actionable reports and visualizations.
- Strong problem-solving skills aimed at performance optimization and query tuning.
- Understanding of data onboarding and integration within Splunk environments is a plus.
- Experience with data onboarding tasks, including routing and normalizing events per the Splunk Common Information Model (CIM).
- Ability to onboard data using Splunk add-ons for various platforms, including Windows and Linux.
- Experience onboarding data via forwarder, scripted inputs, and modular inputs from diverse sources.
- Exceptional written and verbal communication skills, with the ability to collaborate effectively with multiple customers.
- Experience in Splunk systems administration, including installation, configuration, and troubleshooting.
- General knowledge of network and security troubleshooting (firewalls, routing, NAT, etc.).
- Proficient in developing log ingestion strategies according to Splunk best practices.
- Must be capable of performing integration activities to connect and pull data from third-party software APIs.
- Splunk Certified Architect certification is required.
Preferred Qualifications:
- Additional Splunk certifications, such as Splunk Certified Power User or Splunk Certified Admin.
- Eight (8) years of experience in Linux and Windows system administration.
- Five (5) years of experience administering Splunk in distributed deployments.
- Knowledge of compliance and information security within the context of information assurance.
- Familiarity with Agile methodologies and experience using work management tools such as JIRA or Confluence.
- Cloud certifications, such as AWS Solutions Architect Associate or Azure Administrator.
- Ability to prioritize and deliver results independently.
Original Posting: April 7, 2025
For U.S. Positions: While subject to change based on business needs, Leidos anticipates that this job requisition will remain open for at least 3 days, with an anticipated close date of no earlier than 3 days after the original posting date.
Pay Range: $85,150.00 - $153,925.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation. Additional factors considered in extending an offer include job responsibilities, education, experience, knowledge, skills, and abilities, as well as internal equity and market alignment.