Splunk Engineer

About The Position

Requirements

• Bachelor's degree in one of the following fields: Computer Science, Cybersecurity, Data Science, Information Systems, Mathematics, Software Engineering, or Information Technology with 8+ years of relevant experience; or Master's with 6+ years of relevant experience; Four years of additional experience can be considered in lieu of a Bachelor's degree.
• Active TS clearance with SCI eligibility.
• Active CompTIA Security+ certification.
• 3 years proficiency with SPL, Dashboard Studio, data models, and the Asset Framework.
• 3 years experience using the following tools and technologies: Splunk Enterprise (Search, SPL, Dashboard Studio, Data Models, Asset Framework), Splunk IT Service Intelligence (ITSI),Splunk Security Essential, JIRA, Git, REST APIs, JSON, Basic CSS/HTML for dashboard theming.

Nice To Haves

• Minimum 6 years hands-on experience building and supporting Splunk dashboards, reports, and saved searches.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Authorization Professional (CAP).
• Strong understanding of asset-centric reporting, CVE tracking, and executive situational awareness use cases.
• Proven ability to optimize Splunk search performance and design intuitive UI layouts.
• Excellent documentation skills and experience transferring knowledge to cross-functional teams.
• In-depth understanding of the Continuous Diagnostics and Mitigation (CDM) program and its phases (vulnerability management, configuration management, identity and access management, and incident response).
• Proficiency in Zero Trust principles, including micro-segmentation, least-privilege access, and continuous verification of users, devices, and services.
• Expertise in the NIST Risk Management Framework (RMF) (SP 800-37/SP 800-53), from categorization through monitoring and continuous authorization.
• Familiarity with the Cybersecurity Assessment and Secure Mission (CASM) model for evaluating control effectiveness and mission impact.

Responsibilities

• Front-end Architect and implement Splunk dashboards for data-center asset inventory and vulnerability reporting.
• Build Executive dashboards that filter and highlight critical assets for situational awareness.
• Normalize dashboard layouts, panels, and visualizations to a consistent styling and naming convention.
• Optimize searches and SPL queries for performance and scalability.
• Integrate new data sources and onboard security systems into Splunk.
• Map CVE and asset owner data into asset-centric dashboards.
• Produce and maintain dashboard documentation: data sources, queries, drill-downs, and user guides.
• Collaborate with stakeholders to plan new dashboards, define requirements, wireframes, and success metrics.
• Back-end Administer and enhance existing Splunk Enterprise and Enterprise Security deployments across the enterprise.
• Manage Splunk system administration, including operating system and application-level support.
• Apply necessary upgrades, patches, and configuration changes to maintain secure and efficient operations.
• Monitor, analyze, and troubleshoot logs to identify and resolve performance or integration issues.
• Collaborate closely with both contractor and government teams to address technical challenges in real time.
• Analyze and resolve system performance concerns such as latency, bottlenecks, and data flow interruptions.
• Design and implement solutions based on stakeholder requirements, ensuring alignment with enterprise architecture goals.