Splunk Engineer

Arlington, VA 22202, USA

Critical Solutions

Critical Solutions specializes in providing expert cyber security services in the areas of automation, integration and research development.

Location: Arlington, VA
Full-time, Hybrid Remote
Clearance: Public Trust


JOB DESCRIPTION

Critical Solutions has an immediate need for a Splunk Engineer to support our federal customer in Arlington, VA.

The Splunk Engineer will install and maintain Splunk infrastructure, gather requirements from customers, onboard data, and assist end users with searches, dashboards, reports, and knowledge objects. The Splunk Engineer may be required to interact with senior management, as necessary.

PRIMARY ROLES AND RESPONSIBILITIES:

  • Manage multiple assignments, changing priorities, and work independently with little oversight
  • Build, implement, and administer Splunk in Windows and Linux environments
  • Work with existing and custom Splunk applications and add-ons to fulfill customer needs
  • Provide operations and maintenance support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles
  • Edit and maintain Splunk configuration files and apps
  • Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources.
  • Provide operational support for Splunk Universal Forwarder on Linux and Windows endpoints
  • Manage and support automation solutions for Splunk deployment and orchestration in on-premise and cloud environments
  • Documentation, reporting, presentation, teamwork, and agency-wide collaboration are among the expected duties and mission of the task order

BASIC QUALIFICATIONS:

  • Must be a US citizen, willing to undergo and able to obtain Public Trust, and able to successfully obtain an Entry of Duty (EOD) to support this program
  • Bachelor's degree in Computer Science, Engineering, or a related field and a minimum of six (6) years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in Cybersecurity
  • Splunk Cloud Experience
  • Four (4) years of experience with Splunk in distributed deployments
  • Current Splunk Enterprise Certified Admin certification
  • Excellent written and oral skills, ability to work closely with multiple customers, manage expectations and track engagement scope
  • Experience with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms
  • Proficient at data on-boarding activities including routing, parsing, and normalizing events to the Splunk Common Information Model (CIM)
  • Proficiency onboarding data using Splunk developed add-ons for Windows, Linux, and common third-party devices and applications
  • Experience onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources
  • Proficiency managing Splunk using the Splunk command-line interface
  • Proficiency managing Splunk using configuration files
  • Experience collaborating with separate engineering teams to configure data sources for Splunk integration
  • Proficiency implementing and onboarding data in Splunk DB Connect
  • Experience with Splunk performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting
  • General networking and security troubleshooting (firewalls, routing, NAT, etc.)
  • Splunk implementation and troubleshooting experience
  • Experience in managing, maintaining, and administering a multi-site indexer cluster
  • Proficiency developing log ingestion and aggregation strategies per Splunk best practices
  • Perform integration activities to configure, connect, and pull data with 3rd party software APIs
  • Proficient in regular expressions
  • Ability to autonomously prioritize and successfully deliver across a portfolio of projects

CERTIFICATION REQUIREMENT:

Must possess an active Splunk Enterprise Certified Admin certification and at least one of the following:

  • CCIE Security
  • Cisco Certified Network Professional (CCNP)
  • CCNP Security
  • CCSP - Certified Cloud Security Professional
  • CEH - Certified Ethical Hacker
  • Certified Data Administrator Professional
  • Certified Implementation Engineer Specialist
  • Splunk Certified Architect
  • Certified Storage Associate
  • CISSP - Certified Information Systems Security
  • CompTIA Advanced Security Practitioner (CASP)
  • Converged Infrastructure Specialist
  • CSSLP - Certified Secure Software Lifecycle Professional
  • ECSP - EC-Council Certified Secure Programmer
  • GCIH - Incident Handler
  • GCWN - Windows Security Administrator
  • GICSP - Cyber Security Professional
  • GISF - Security Fundamentals
  • GISP - Security Professional
  • GSSP - Secure Software Programmer
  • MCSE - Microsoft Certified Solutions Expert (Server)
  • RHCA - Red Hat Certified Architect
  • RHCE - Red Hat Certified Engineer
  • SEI (Software Engineering Institute)
  • SSCP - Systems Security Certified Practitioner
  • VCA (Certified Associate)
  • VCAP (Certified Advanced Professional)
  • VCDX (Certified Design Expert)
  • VCIX (Implementation Expert)
  • VCP (Certified Professional)
  • MS 365 Certified: Security Administrator
  • Microsoft Certified Azure Security Engineer (Associate)
  • Splunk Enterprise Certified Architect
  • Splunk Enterprise Certified Administrator
  • Splunk Core Certified Consultant
  • Splunk SOAR Certified Automation Developer
  • Splunk Certified Developer
  • AWS Certified Solutions Architect - Associate
  • AWS Certified DevOps Engineer - Professional
  • Swimlane Certified SOAR Developer


PREFERRED QUALIFICATIONS:

  • Splunk Cloud Experience
  • Experience working in Azure
  • Experience with GitLab or GitHub or other version control system
  • Scripting and development skills (Bash, Python, and PowerShell)

LOCATION:

  • Arlington, VA. This is a hybrid on-site role with an expectation of being on the client site a few days a week.
  • Must be able and willing to commute to work location.

ADDITIONAL INFORMATION:

CLEARANCE REQUIREMENT: Must be able to obtain and maintain Public Trust. In addition, the selected candidate must undergo a background investigation (BI) and fingerprinting by the federal agency and successfully pass the preceding to qualify for the position. US CITIZENSHIP IS REQUIRED due to the nature of the government contracts we support.

CRITICAL SOLUTIONS PAY AND BENEFITS:

Salary range $-. The salary range for this position represents the typical salary range for this job level and does not guarantee a specific salary. Compensation is based upon multiple factors such as responsibilities of the job, education, experience, knowledge, skills, certifications, and other requirements.

BENEFIT SNAPSHOT: 100% premium coverage for Medical, Dental, Vision, and Life Insurance, Supplemental Insurance, 401K matching, Flexible Time Off (PTO/Holidays), Higher Education/Training Reimbursement, and more


Employment Type: Full-Time, Hybrid On-Site


Tags: APIs Automation AWS Azure Bash Business Intelligence CASP+ CCNP CCSP CEH CISSP Clearance Cloud CompTIA Computer Science DevOps Firewalls GCIH GICSP GitHub GitLab Linux Monitoring PowerShell Python Red Hat Scripting SIEM SOAR Splunk SSCP Windows

Perks/benefits: Career development Flex hours Flex vacation Health care

Region: North America
Country: United States