Senior Splunk Engineer

About The Position

Requirements

• Active TS/SCI with CI Ploy clearance (or eligibility) as required by the program.
• Bachelor’s degree in Computer Science, Information Security, Information Systems, or equivalent experience.
• 8 - 10 years of experience with approximately 4-8 years of IT/cybersecurity experience, with at least 3+ years of hands-on Splunk Enterprise administration/engineering.
• Demonstrated experience supporting Splunk in highly regulated or secure environments (DoD, IC, federal, defense contractor, or similar).
• Proficiency with SPL, including complex searches, statistical commands, sub searches, lookups, and dashboard creation.
• Experience onboarding and normalizing data from: Windows and Linux systems Network infrastructure (routers, switches, firewalls, proxies) Security tools (AV/EDR, IDS/IPS, vulnerability scanners, identity systems)
• Strong understanding of information security principles and controls (logging, monitoring, auditing, least privilege, configuration management).
• Familiarity with NIST 800-53, RMF, JSIG, or similar frameworks applicable to classified systems.

Nice To Haves

• Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Core Certified Admin, Splunk Enterprise Security Certified Admin).
• Experience operating Splunk in air-gapped, disconnected, or cross-domain (CDS) architectures.
• Scripting skills (Python, PowerShell, Bash) for automation, integrations, and data manipulation.
• Experience with configuration management and infrastructure-as-code (Ansible, Puppet, Chef, Terraform, or similar).
• DoD 8570/8140-compliant certification (e.g., Security+, CySA+, CASP+, CISSP, GSLC, GSEC) as required for IAT/IASAE roles.
• Background in one or more of: systems administration, network engineering, or cyber engineering in classified environments.

Responsibilities

• Install, configure, and maintain Splunk Enterprise and Splunk ES in classified, air-gapped, or cross-domain environments.
• Manage distributed architectures (indexers, search heads, cluster masters, deployment servers, forwarders) with a focus on reliability, performance, and security.
• Perform upgrades, patching, app deployment, performance tuning, and capacity planning.
• Implement and maintain backup/restore, DR procedures, and system hardening in accordance with DoD/IC and organizational policies.
• Onboard logs from servers, network devices, security appliances, applications, and specialized classified systems.
• Develop and manage inputs, props, transforms, field extractions, and parsing to ensure high-quality, normalized data (CIM-compliant where applicable).
• Work with system owners and engineers to define logging requirements that support auditing, incident reconstruction, and compliance.
• Integrate Splunk with existing security tooling and infrastructure (e.g., host-based security, IDS/IPS, vulnerability scanners, identity systems).
• Develop searches, correlation logic, alerts (where appropriate), and dashboards to surface security-relevant activity, system health, and compliance status.
• Create role-specific dashboards for cybersecurity staff, ISSOs/ISSMs, system administrators, and leadership.
• Support audit and inspection preparation (e.g., RMF, JSIG, NIST 800-53, CNSSI 1253) by building reports and evidence queries from Splunk.
• Implement and maintain data models, lookups, and other knowledge objects to support efficient analysis and reporting.
• Ensure Splunk configurations and data flows comply with classified environment requirements, including handling caveats, data segregation, and need-to-know.
• Implement strict RBAC, data access controls, and logging of administrative actions.
• Support RMF and related processes by providing visibility into control effectiveness (e.g., AU-2, AU-6, AU-12, SI-4).
• Assist with continuous monitoring activities using Splunk as a key evidence and monitoring platform.
• Collaborate with cybersecurity engineers, ISSOs/ISSMs, system administrators, and network engineers to embed Splunk into system designs and modernization efforts.
• Provide expert guidance on how to leverage Splunk for troubleshooting, audit support, and security visibility.
• Mentor junior engineers and administrators on Splunk best practices, SPL queries, and platform usage.
• Contribute to Splunk standards, runbooks, and engineering documentation tailored for the classified environment.

Benefits

• AMERICAN SYSTEMS provides for the welfare of its employees and their dependents through a comprehensive benefits program by offering healthcare benefits, paid leave, retirement plans, insurance programs, and education and training assistance.