Splunk Core & Enterprise Security (ES) Consultant
About The Position
We are supporting a federal civilian agency undergoing a Splunk implementation and modernization effort. The Splunk Consultant will be responsible for maintaining and optimizing the Splunk Core and Enterprise Security (ES) environments while supporting the implementation and configuration of Splunk IT Service Intelligence (ITSI). This role requires a hands-on practitioner who can operate within an existing environment while contributing to ongoing deployment efforts. The consultant will work closely with stakeholders across security, operations, and infrastructure teams to ensure system performance, data integrity, and actionable insights from the platform.
Requirements
- Active Splunk Core Certified Consultant certification
- Active Splunk Enterprise Security (ES) certification
- Active Splunk ITSI Accreditation
- 5+ years of hands-on experience with Splunk in enterprise environments
- Experience supporting both Splunk Core and Enterprise Security deployments
- Experience implementing and configuring Splunk IT Service Intelligence (ITSI) in a production environment
- Strong understanding of Splunk architecture (indexers, search heads, forwarders, clustering)
- Experience with data onboarding, parsing, and field extraction
- Familiarity with Common Information Model (CIM) and data normalization
- Experience with Linux environments and basic system administration
- Ability to troubleshoot complex issues across infrastructure and application layers
Nice To Haves
- Experience supporting federal civilian or DoD environments
- Familiarity with security frameworks (NIST, RMF, FedRAMP)
- Experience integrating Splunk with cloud environments (AWS, Azure, or hybrid)
- Knowledge of scripting languages such as Python or Bash for automation
- Experience with DevOps or infrastructure-as-code approaches in Splunk deployments
- Able to operate independently in a production environment
- Comfortable working in both sustainment and implementation phases simultaneously
- Strong communication skills with the ability to work across technical and non-technical teams
- Detail-oriented with a focus on system performance and reliability
Responsibilities
- Maintain and support existing Splunk Core and Splunk Enterprise Security (ES) environments
- Monitor system health, performance, and data ingestion across distributed Splunk architecture
- Troubleshoot and resolve issues related to search performance, data pipelines, and system availability
- Support the implementation, configuration, and optimization of Splunk IT Service Intelligence (ITSI)
- Configure and maintain ITSI components including services, KPIs, glass tables, and correlation searches
- Assist with onboarding new data sources, ensuring proper parsing, normalization, and CIM compliance
- Develop and maintain dashboards, alerts, and reports for both operational and security use cases
- Collaborate with cybersecurity teams to enhance detection capabilities within Splunk ES
- Support upgrades, patching, and lifecycle management of Splunk components
- Document configurations, processes, and standard operating procedures
- Provide knowledge transfer and support to government personnel as needed
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
