Splunk Engineer

About The Position

Requirements

• DOJ experience with an active clearance (Public Trust)
• Bachelor’s degree in related discipline OR 12 years of on-the-job experience
• 4 years’ experience in specialized cloud technologies
• Splunk Certifications – One or more of the following: Cloud Certified Admin, Core Certified User, Enterprise Certified Admin
• AWS Certifications – One or more of the following: Solutions Architect Associate, SysOps Administrator Associate, Certified Developer
• Proven experience working as a Splunk Engineer with a focus on AWS integration and deployment
• Strong understanding of AWS services and architecture, with hands-on experience in deploying and managing AWS resources
• In-depth knowledge of Splunk Enterprise, including SPL (Splunk Processing Language), data modeling, and search optimization
• Proficiency in scripting and automation using languages such as Python, PowerShell, or Shell scripting
• Experience with AWS security best practices, IAM (Identity and Access Management), encryption, and compliance standards

Responsibilities

• Design, deploy, configure, and maintain Splunk infrastructure within AWS environments, including the setup of indexers, forwarders, and search heads
• Develop and implement Splunk data ingestion strategies for AWS services such as EC2, S3, Lambda, CloudWatch, VPC Flow Logs, and more
• Create custom Splunk searches, dashboards, reports, and alerts tailored to AWS-specific use cases and business requirements
• Collaborate with AWS architects and engineers to optimize Splunk deployments for scalability, reliability, and cost-effectiveness
• Integrate Splunk with AWS security services such as AWS CloudTrail, AWS Config, and AWS Security Hub to enhance threat detection and incident response capabilities
• Leverage Splunk's Machine Learning Toolkit (MLTK) to build predictive models and anomaly detection algorithms for AWS environment monitoring
• Implement and maintain Splunk apps and add-ons designed for AWS integration, such as AWS App for Splunk and AWS Add-on for Splunk
• Develop and maintain automation scripts for Splunk deployment, configuration, and management tasks using AWS CloudFormation, AWS CLI, or other automation tools
• Provide technical expertise and support to troubleshoot Splunk-related issues, performance bottlenecks, and integration challenges within AWS environments
• Stay abreast of AWS best practices, new services, and security updates, and ensure alignment with Splunk deployment strategies and configurations
• Stay updated with emerging cloud technologies, industry trends, and best practices in cloud computing and data management