Splunk Security Engineer

Input Technology Solutions - National Harbor, MD, United States

Input Technology Solutions is seeking an experienced Splunk Security Engineer to join our Splunk Engineering team in National Harbor, MD! The ideal candidate will assist with the designing, implementing, and maintaining of DHS’ Splunk environment while leveraging Cribl for data processing and routing.

You’ll Get to Do:

The Splunk Security Engineer should feel comfortable optimizing and refining the current Splunk implementation while collaborating with cross-functional teams to enhance DHS’ overall security posture.

• Design, implement, and maintain the Splunk infrastructure and solutions
• Configure and optimize Cribl Stream for data collection, processing, and routing
• Develop and maintain Splunk dashboards, alerts, and reports
• Assist with troubleshooting issues related to Splunk and Cribl implementations
• Perform capacity planning and performance tuning for Splunk and Cribl environments
• Collaborate with cross-functional engineering and ISSO teams to gather requirements and deliver solutions
• Document and map the architecture of the current Splunk implementation
• Support the development of a Security Engineering Tool roadmap
• Stay current with emerging security technologies and industry trends to recommend improvements or additions.

You’ll Bring These

Qualifications:

• Ability to attain DHS EOD with Top Secret clearance
• ITIL V4 Foundations certification (or obtain in first 6 months)
• BA/BS or equivalent +10 years of experience
• Significant experience in cybersecurity, with strong hands-on experience in access management and network security
• 5+ years of experience as a Splunk Engineer
• Strong knowledge of search processing language (SPL)
• Proficient in scripting languages (Python, Bash Power Shell) for automation and integration
• Experience with Linux/Unix system administration
• Experience working with and guiding technicians with varying skill levels and supporting end users remotely
• Experience with security tools and technologies, like SIEM, IDS/IPS, and firewalls
• Strong analytical and problem-solving skills, particularly in optimizing security workflows
• Professional, customer-oriented, and even-keeled under pressure
• Effective communicator at all levels, both written and verbal

These Qualifications Would be Nice to Have:

• Splunk Certified Admin or Architect certification
• Splunk Enterprise Security certification
• 2+ years of experience with Cribl Stream
• Significant experience with Cribl Log Stream and Cribl Edge
• Knowledge of CI/CD pipelines and Dev Ops practices
• Familiarity with other observability tools (Elasticsearch, Prometheus)
• Knowledge of containerization technologies (Docker, Kubernetes)
• Experience with large-scale, distributed systems