Splunk Engineer

Primary Responsibilities

• Manage multiple assignments, changing priorities, and work independently with little oversight

• Build, implement, and administer Splunk in Windows and Linux environments

• Work with existing and custom Splunk applications and add-ons to fulfill customer needs

• Provide overall engineering and design support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles

• Editing and maintaining Splunk configuration files and apps

• Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from sources such as FireEye, Blue Coat, F5, Cisco, Palo Alto, syslog, etc.

• Provider operational support Splunk Universal Forwarder on Linux and Windows endpoints

• Create, manage, and support automation solutions for Splunk deployment and orchestration in on-premise and cloud environments

• Documentation, reporting, presentation, teamwork, and DHS wide collaboration are among the expected duties and mission of the task order

Basic Qualifications

• Bachelor’s degree in Computer Science, Engineering, or a related field and a minimum of 12 years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in Cybersecurity

• Two years of experience with Linux and Windows system administration or an intermediate understanding of operating systems and common operating environments

• Two years of experience with Splunk in distributed deployments

• Current Splunk Enterprise Certified Admin certification

• At least one of the following certifications: CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CCSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX

• Excellent written and oral skills, ability to work closely with multiple customers, manage expectations and track engagement scope

• Experience implementing FISMA, NIST, NSA, and other information security, cybersecurity and CDM related industry policies, procedures, guidelines, standards, and best practices

• Experience with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms

• Proficient at data on-boarding activities including routing, parsing, and normalizing events to the Splunk Common Information Model (CIM)

• Proficiency onboarding data using Splunk developed add-ons for Windows, Linux, and common third-party devices and applications

• Experience onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources

• Proficiency managing Splunk using the Splunk command-line interface

• Proficiency managing Splunk using configuration files

• Experience collaborating with separate engineering teams to configure data sources for Splunk integration

• Proficiency implementing and onboarding data in Splunk DB Connect

• Experience with Splunk performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting

• General networking and security troubleshooting (firewalls, routing, NAT, etc.)

• Splunk implementation and troubleshooting experience

• Experience in managing, maintaining, and administering multi-site indexer cluster

• Proficiency developing log ingestion and aggregation strategies per Splunk best practices

• Perform integration activities to configure, connect, and pull data with 3rd party software APIs

• Proficient in regular expressions

• Ability to autonomously prioritize and successfully deliver across a portfolio of projects

• This position requires a TS/SCI clearance and DHS Entry on Duty (EOD) approval.

Preferred Qualification

• Experience working in AWS and Azure

• Experience working in an Agile development environment.

• Experience with GitLab or GitHub or other version control system

• Experience with Ansible tower and/or writing ansible playbooks

• Intermediate understanding of SQL and common SQL dialects

• Scripting and development skills (Bash, Python, and PowerShell)