Splunk Engineer

Zermount, Inc•Arlington, VA

About The Position

Zermount seeks an experienced Splunk Engineer to support an enterprise security, operations, and monitoring environment. You will engineer, administer, maintain, and enhance Splunk to ensure performance, scalability, and operational effectiveness, working closely with infrastructure, network, and security teams in a formal change/ticket environment.

Requirements

5+ yrs enterprise Splunk engineering/admin (distributed/clustered)
Strong ingestion/normalization/field extractions/custom parsing
Advanced SPL
Linux/RHEL install/config/upgrade/tuning
Integrations incl DB Connect + SQL, syslog-ng on RHEL/SELinux, scripting (Python/Bash/PowerShell)
Cribl administration and license-reduction strategies
Production major upgrades
Strong documentation/diagramming
Required-Splunk Certified Administrator (or higher) AND 1 DoD 8140 IAT Level II baseline security cert
Minimum Background Investigation

Nice To Haves

Splunk Architect/Core Consultant
Linux admin
Cribl

Responsibilities

Engineer/admin Splunk Enterprise (implement, configure, troubleshoot, patch/upgrade)
Design/evaluate distributed/clustered architecture and recommend improvements
Onboard/ingest/parse/normalize data (network/app/DB/cloud)
Build/maintain custom parsers, field extractions, data models, and knowledge objects
Install/maintain Splunk apps/add-ons
Develop SPL searches, alerts, reports, dashboards and improve detections/reporting
Monitor/optimize health, connectivity, performance, license use
Tuning/capacity planning and daily health checks
Lifecycle: major upgrades, patching, backup validation, restore testing, decommissioning
Admin Splunk on RHEL (accounts/access controls, certs, .conf management, config backups)
Troubleshoot ingestion/integration issues and coordinate with teams/vendors
Produce technical documentation and architecture/data-flow diagrams
Track/report work via tickets/dashboards
Provide cross-functional engineering support