Splunk Engineer

• Work Schedule : 100% Onsite
• Clearance: TS/SCI
• Certification: Security+ CE

We are seeking a Splunk Engineer in support of the Compartmented Enterprise Services Office (CESO) NOC.

This position is located in Arlington, VA and is 100% on-site.

Primary Responsibilities:

• Design efficient and reusable reports and dashboards to integrate multiple mission applications’ health, performance and operational data systems into Splunk.
• Create front-end automated data visualization services using Splunk.
• Develop viewable Splunk dashboards to provide visibility into ingested log data.
• Develop alerts that trigger/activate on configured settings to deploy or send a note/email/attachments to a particular destination email or groups.
• Develop security rules (alerts) that trigger on anomalous activities or threat detections.
• Administer Splunk in Windows and Linux environments.
• Work with existing and custom Splunk applications and add-ons to fulfill customer needs.
• Provide operations and maintenance support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles.
• Edit and maintain Splunk configuration files and apps.
• Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources.
• Provide operational support for Splunk Universal Forwarder on Linux and Windows endpoints.
• Manage and support automation solutions for Splunk deployment and orchestration in on-premise and cloud environments.

Basic Qualifications:

• Bachelor’s degree and 4+ years of prior relevant experience. Additional experience may be considered in lieu of degree.
• Active Top Secret security clearance (with ability to hold TS/SCI) is required prior to start, with the ability to take and maintain CI/POLY.
• DoD 8570 IAM II certification is required.
• Splunk Enterprise Certified Architect or equivalent certification or higher.
• Excellent written and oral communication skills, able to appropriately present highly technical material to both technical and non-technical audiences.

Preferred Qualifications:

• Experience configuring and maintaining the tool in a multi-tenant environment.
• Experience with AWS Cloud tools and services.

For more information, please contact us or send an email to