Splunk Engineer

Ashburn is seeking a Senior Splunk Engineer to support a federal cybersecurity architecture opportunity. This Key Personnel role will support enterprise SIEM operations, Splunk architecture, data ingestion, dashboards, alerting, analytics, secure configuration, and performance optimization in a complex Government environment for a proposal opportunity., * Architect, deploy, operate, and maintain enterprise Splunk infrastructure.

• Support SIEM data ingestion, indexing, normalization, dashboarding, alerting, and operational reporting.
• Develop dashboards and visualizations for security, operations, and mission stakeholders.
• Manage Splunk configurations, search/index clusters, data models, alerts, reports, saved searches, and knowledge objects.
• Support account/access management, server management, monitoring, patching, Splunk version upgrades, and app/add-on maintenance.
• Improve log source coverage and quality across enterprise systems and applications.
• Use scripting and automation to improve SIEM operations and support security analytics.
• Support federal cybersecurity standards, secure configuration, and audit-ready documentation.

Do you have experience in macOS support?, * Candidates must be U.S. citizens.

• Candidates must be willing and able to work as Ashburn W-2 employees. 1099 and corp-to-corp arrangements are not permitted for these roles.
• DHS EOD / suitability is required.
• 10+ years of experience designing, implementing, and maintaining Splunk architecture across diverse Government or similarly complex enterprise environments.
• Experience supporting Splunk across Windows, Linux, Solaris, and macOS environments.
• Hands-on expertise with core Splunk components: Indexer, Search Head, Deployer, Deployment Server, License Master, Heavy Forwarder, Universal Forwarder.
• Experience with Splunk authentication methods such as LDAP and SAML.
• Experience managing Splunk indexer and search clusters.
• Experience configuring Splunk through configuration files and implementing policies, procedures, and standards for secure and efficient Splunk operations.
• Advanced ability to use Splunk to extract, transform, analyze, and visualize data for actionable security and operational insights.
• Experience developing advanced Splunk queries, dashboards, reports, alerts, and data models.
• Experience conducting application performance and capacity analysis.
• Advanced scripting experience using Shell, Python, JavaScript, XML, CSS, or equivalent tools.
• Experience configuring data collection applications such as Splunk DB Connect and the Splunk App for AWS.
• Experience deploying or supporting Splunk Cloud services on AWS.

Preferred / Strongly Desired Qualifications

• Prior DHS, DOD / DOW, or federal civilian cybersecurity program experience.
• Experience supporting large, multi-datacenter Splunk clusters.
• Experience improving log coverage, log quality, data source onboarding, dashboards, anomaly detection, and security analytics.
• Splunk certifications strongly preferred.
• Experience working in DevSecOps, cybersecurity operations, or enterprise security architecture environments., Work is equally performed in the field as well as in a normal office environment. Lifting (up to 50lbs) may be required. Ladder climbing may be required. Driving is required. All duties performed with or without reasonable accommodations.

3.63.6 out of 5 stars Camp Springs, MD Hybrid work $170,000 - $195,000 a year - Full-time

Ashburn Consulting, LLC, based in the Washington, DC metropolitan area, specializes in providing network and network security solutions in complex environments to a select set of government and business clients. The company, an established leader in its field, is composed of an elite team of engineers and business consultants, each of whom is recognized, and highly regarded, within the network and security communities.