Splunk and Cribl Engineer (Secret Clearance Required)

DirectViz Solutions, LLC
Herndon, VA
Hybrid

About The Position

DirectViz Solutions (DVS) is a dynamic and rapidly growing government contractor committed to delivering innovative IT solutions that address the mission-critical needs of our government clients. Through the expertise and dedication of our talented team, we provide cutting-edge technology services designed to achieve success and exceed expectations. At DVS, we prioritize our employees as our greatest asset. We offer competitive compensation, comprehensive medical benefits, a 401(k) match, generous PTO accrual, professional development reimbursement, corporate-funded technology certifications, and robust employee recognition and appreciation programs.

DVS is seeking a Splunk / Cribl Ingestion Engineer to support a SOC Engineering team responsible for expanding security visibility across cloud and on-premises environments. This engineer will own end-to-end log onboarding, parsing, normalization, routing, and platform optimization for assigned data sources across Splunk and Cribl. The ideal candidate is a hands-on engineer with strong SIEM platform experience and a solid understanding of the security monitoring and detection use cases those data pipelines support.

Requirements

  • Secret Clearance Required
  • 4+ years of hands-on experience administering and engineering Splunk Enterprise in production environments
  • Experience with distributed Splunk architectures, including forwarders, heavy forwarders, indexers, search heads, and clustering
  • Strong experience with data onboarding, parsing, normalization, field extraction, and sourcetype management
  • Experience troubleshooting data flow, search performance, platform health, and ingestion bottlenecks
  • Experience supporting a SOC, SIEM, or cyber defense environment
  • Experience onboarding logs from both cloud and on-premises systems
  • Working knowledge of RHEL/Linux and Windows administration
  • Ability to collaborate with analysts and engineers to align telemetry ingestion with detection, monitoring, and compliance requirements
  • Maintain focus and awareness throughout scheduled working hours.
  • Perform tasks requiring prolonged periods of sitting or standing at a desk, utilizing a computer, mouse, and keyboard.
  • Exhibit excellent verbal and written communication skills, with a strong command of the English language.
  • Demonstrate the ability to work independently while also collaborating effectively as part of a team.
  • Quickly learn and retain routine tasks and processes.
  • Possess strong organizational skills, attention to detail, business correspondence proficiency, and self-management capabilities.
  • Accept and adapt to additional responsibilities or changes to assigned duties as determined by DirectViz Solutions (DVS).

Nice To Haves

  • Cribl Preferred
  • Hands-on experience administering Cribl Stream in production environments
  • Experience building and tuning Cribl routes, pipelines, packs, and worker groups
  • Experience using Cribl to filter, enrich, route, redact, and optimize telemetry prior to Splunk ingestion
  • Experience reducing ingest costs and improving telemetry quality through data shaping and routing strategies
  • Familiarity with Splunk Enterprise Security, CIM, data models, and security content dependencies
  • Experience ingesting data from AWS, Azure, Microsoft 365, identity platforms, EDR, firewalls, and network security tools
  • Scripting experience in Python, Bash, or PowerShell
  • Familiarity with regex, JSON parsing, syslog, and API-based log collection

Responsibilities

  • Own end-to-end log onboarding, parsing, normalization, routing, and platform optimization for assigned data sources across Splunk and Cribl.
  • Support a SOC Engineering team responsible for expanding security visibility across cloud and on-premises environments.
  • Collaborate with analysts and engineers to align telemetry ingestion with detection, monitoring, and compliance requirements.
  • Administer and engineer Splunk Enterprise in production environments.
  • Manage distributed Splunk architectures, including forwarders, heavy forwarders, indexers, search heads, and clustering.
  • Perform data onboarding, parsing, normalization, field extraction, and sourcetype management.
  • Troubleshoot data flow, search performance, platform health, and ingestion bottlenecks.
  • Support a SOC, SIEM, or cyber defense environment.
  • Onboard logs from both cloud and on-premises systems.
  • Administer Cribl Stream in production environments.
  • Build and tune Cribl routes, pipelines, packs, and worker groups.
  • Use Cribl to filter, enrich, route, redact, and optimize telemetry prior to Splunk ingestion.
  • Reduce ingest costs and improve telemetry quality through data shaping and routing strategies.
  • Work with Splunk Enterprise Security, CIM, data models, and security content dependencies.
  • Ingest data from AWS, Azure, Microsoft 365, identity platforms, EDR, firewalls, and network security tools.
  • Write automation scripts in Python, Bash, or PowerShell.
  • Work with regex, JSON parsing, syslog, and API-based log collection.
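The posting's core duties (parsing and normalizing events, redacting secrets, filtering noise to cut ingest cost, enriching from a lookup, and routing to an index before Splunk sees the data) fit together as one pipeline. The script below is an added illustration of that flow in plain Python; it is not Cribl Stream or Splunk configuration and not DVS's code. The sample events, the host lookup table, the routing table, and the noisy-API rule are all constructed assumptions so that it runs offline.

```python
"""Pre-ingest telemetry pipeline: redact, parse, filter, normalize, enrich, route.

Added illustration of the filter / enrich / route / redact work described in
the posting. It is plain Python, not Cribl Stream or Splunk configuration, and
every host, user, IP, lookup row and routing rule below is a constructed
assumption used only so the script runs offline.
"""
import json
import re

# Constructed sample events in a Splunk/Cribl-like shape (_raw + metadata).
RAW_EVENTS = [
    {"sourcetype": "aws:cloudtrail", "host": "ct-collector-1",
     "_raw": json.dumps({"eventName": "DescribeInstances", "errorCode": None,
                         "userIdentity": {"userName": "alice"},
                         "sourceIPAddress": "203.0.113.10"})},
    {"sourcetype": "aws:cloudtrail", "host": "ct-collector-1",
     "_raw": json.dumps({"eventName": "ListBuckets", "errorCode": "AccessDenied",
                         "userIdentity": {"userName": "mallory"},
                         "sourceIPAddress": "192.0.2.9"})},
    {"sourcetype": "app:api", "host": "web-01",
     "_raw": "POST /login user=carol password=Hunter2! token=eyJabc.def.ghi "
             "src=10.0.0.5 status=200"},
]

# Secrets in key=value or "key": "value" form are masked before anything is
# parsed or stored, so the raw event never carries them downstream.
SECRET_RE = re.compile(
    r'(?i)\b(password|passwd|secret|token|api_key)(["\']?\s*[:=]\s*["\']?)([^\s"\',&]+)')
KV_RE = re.compile(r"(\w+)=(\S+)")
# Successful read-only CloudTrail calls add volume but little detection value;
# failures (errorCode set) are kept because access denials matter to the SOC.
NOISY_API_RE = re.compile(r"^(Describe|List|Get)\w*$")
# Hypothetical enrichment lookup (stand-in for a Cribl or Splunk lookup table).
HOST_LOOKUP = {"ct-collector-1": {"env": "prod", "role": "cloud-audit"},
               "web-01": {"env": "prod", "role": "web"}}
# Hypothetical routing table: sourcetype -> Splunk index.
ROUTES = {"aws:cloudtrail": "aws", "app:api": "app_web"}
DEFAULT_INDEX = "main"


def redact(raw):
    """Mask secret values in the raw event text (key=value and JSON forms)."""
    return SECRET_RE.sub(r"\1\2<REDACTED>", raw)


def parse(sourcetype, raw):
    """Extract fields: JSON for CloudTrail, key=value pairs for the app log."""
    if sourcetype == "aws:cloudtrail":
        return json.loads(raw)
    return dict(KV_RE.findall(raw))


def should_drop(sourcetype, fields):
    """Filter rule: drop successful read-only CloudTrail API calls."""
    if sourcetype != "aws:cloudtrail":
        return False
    name = fields.get("eventName", "")
    return bool(NOISY_API_RE.match(name)) and not fields.get("errorCode")


def normalize(sourcetype, fields):
    """Map source-specific fields onto CIM-style names (user, src, action)."""
    if sourcetype == "aws:cloudtrail":
        return {"user": fields.get("userIdentity", {}).get("userName"),
                "src": fields.get("sourceIPAddress"),
                "signature": fields.get("eventName"),
                "action": "failure" if fields.get("errorCode") else "success"}
    return {"user": fields.get("user"), "src": fields.get("src"),
            "signature": fields.get("status"),
            "action": "success" if fields.get("status") == "200" else "failure"}


def process(events):
    """Run events through the pipeline; return (kept_events, volume_stats)."""
    stats = {"in": len(events), "dropped": 0, "bytes_in": 0, "bytes_out": 0}
    kept = []
    for ev in events:
        stats["bytes_in"] += len(ev["_raw"])
        st = ev["sourcetype"]
        raw = redact(ev["_raw"])          # mask first, so nothing secret is parsed
        fields = parse(st, raw)
        if should_drop(st, fields):       # ingest reduction
            stats["dropped"] += 1
            continue
        out = {"_raw": raw, "sourcetype": st, "host": ev["host"],
               "index": ROUTES.get(st, DEFAULT_INDEX)}   # routing
        out.update(normalize(st, fields))                # CIM-style field names
        out.update(HOST_LOOKUP.get(ev["host"], {"env": "unknown", "role": "unknown"}))
        stats["bytes_out"] += len(raw)
        kept.append(out)
    return kept, stats


if __name__ == "__main__":
    kept_events, volume = process(RAW_EVENTS)
    for e in kept_events:
        print(json.dumps(e))
    print(json.dumps(volume))
```

Two design points carry over to a real Cribl or heavy-forwarder layer: redaction runs on the raw text before parsing so a secret never reaches a field, a lookup, or an index; and the filter keeps failed read-only calls (for example AccessDenied) even though successful ones are dropped, because the denials are what an analyst hunts on. The volume counters are the numbers to show when justifying a data-shaping rule against the ingest budget.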

Benefits

  • Competitive compensation
  • Comprehensive medical benefits
  • 401(k) match
  • Generous PTO accrual
  • Professional development reimbursement
  • Corporate-funded technology certifications
  • Robust employee recognition and appreciation programs