Senior Splunk Engineer

Dragonfli Group · Washington, DC
Posted 17h ago · Hybrid

About The Position

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

We are seeking a Senior Splunk Engineer to serve as a Subject Matter Expert (SME) for a mission-critical cybersecurity initiative. In this role, you will be responsible for the end-to-end architecture, design, deployment, and maintenance of enterprise-level Splunk environments across hybrid on-premise (Unix/Linux) and cloud-based infrastructures. You will collaborate extensively with DevOps, Security, and IT teams to ensure system availability, data integrity, and operational excellence. This role requires a minimum of 5 years of hands-on experience with Splunk Enterprise, specifically focusing on complex data ingestion, system configuration, and automation.

This is a multi-year contract position involving a large US federal agency. Candidates with previous federal contracting experience are preferred. U.S. Citizenship or Permanent Residency required. If hired, all work related to this role must be performed within the continental U.S.

Requirements

  • Experience: 5+ years of hands-on experience with Splunk Enterprise in a large-scale environment.
  • Technical Proficiency: Proficiency in Splunk system architecture, deployment, and configuration management.
  • Search Processing Language (SPL): Advanced ability to write complex queries for dashboards, alerts, and reporting.
  • Data Management: Strong capability in troubleshooting data ingestion, parsing, and onboarding logs.
  • API Integration: Experience using REST APIs for Splunk and third-party system integrations.
  • Soft Skills: Strong problem-solving abilities, service-oriented mindset, and the ability to articulate technical concepts to non-technical audiences.

Nice To Haves

  • Operating Systems: Advanced administration and troubleshooting skills in Unix/Linux and Windows environments.
  • Scripting: Strong scripting skills in Bash, Python, JavaScript, SQL, or PowerShell for automation tasks.
  • Cloud Platforms: Experience integrating Splunk with AWS, GCP, or Azure.
  • Security Standards: Understanding of NIST, FISMA, and FedRAMP controls, as well as role-based access control (RBAC) implementation.
  • Advanced Splunk Tools: Experience with the Splunk App for Data Science/Deep Learning, Splunk SOAR, or Splunk AI Assistant.
  • Background: Previous experience in Cybersecurity, Network Administration, or Observability industries.

Responsibilities

  • System Architecture & Design: Design, deploy, and maintain large-scale on-premises and cloud-based Splunk environments to support enterprise monitoring and security alerting.
  • Configuration Management: Manage knowledge objects (fields, extractions, tags, event types, lookups, macros) and oversee configuration files (.conf and .cfg) across recent Splunk Enterprise versions.
  • Data Ingestion & Troubleshooting: Analyze and resolve complex data ingestion and parsing issues to ensure accurate data flow and integrity.
  • Content Development: Create and optimize complex Splunk queries (SPL), dashboards, and alerts to support security and operational objectives.
  • Automation: Develop automation workflows and dashboard interfaces to streamline operations and reduce manual overhead.
  • Integration: Utilize REST APIs to integrate Splunk with external systems and cloud platforms.
  • Collaboration & Mentorship: Collaborate with cross-functional teams (DevOps, Security) and provide mentorship and technical guidance to junior team members.
  • Maintenance: Perform upgrades, patching, and performance tuning; participate in off-hours and weekend maintenance efforts as required.

Benefits

  • Insurance - health, dental, and vision
  • Paid Time Off (PTO) and 11 Federal Holidays
  • 401(k) employer match
© 2024 Teal Labs, Inc