Splunk Engineer

Description

The Splunk Engineer is responsible for the design, implementation, optimization, and sustainment of enterprise logging, monitoring, and security analytics solutions. This role ensures Splunk environments meet availability, performance, compliance, and audit requirements.

• Architect, deploy, and maintain enterprise Splunk environments, including indexers, search heads, forwarders, and multi-region architectures.
• Design, develop, and sustain custom Splunk dashboards and analytics supporting:
  • Security events, audit data, and user activity monitoring (UAM)
  • STE/STN compliance, vulnerability and compliance scans
  • Network/system observable events by SSP
  • Containerized application events by namespace
  • Mission metrics, outage tracking, and system/network utilization
• Ensure Splunk dashboards and logging infrastructure maintain =93% operational availability monthly.
• Develop and maintain dashboards for authentication events, privileged access, account management, role escalation, and container security events.
• Integrate data from Net Flow/sFlow, Syslog, Cribl, Nagios, HP NNMi, HPNA, vulnerability scanners, and compliance tools.
• Perform Splunk scaling, performance tuning, data onboarding, and index management.
• Maintain log retention policies ensuring:
  • 30 days online searchable logs
  • 5 years, 11 months offline retention with restore capability
• Provide Tier-4 support, including vendor escalation and coordination with Splunk engineering.
• Advise architects and security accreditors on Splunk security configurations and audit capabilities.
• Develop automation, parsing, and enrichment logic to reduce false positives and enhance alert fidelity.

TS/SCI w/ Polygraph Clearance Required

• Splunk Enterprise architecture and administration
• Security logging, SIEM design, and compliance reporting
• Linux systems administration
• Data onboarding (Syslog, Net Flow, API ingestion)
• Scripting (Python, Bash, SPL)