Splunk Integration Engineer

Deliver simple solutions to complex problems as a Splunk Integration Engineer at GDIT. Here, you'll tailor cutting-edge solutions to the unique requirements of our clients. With a career in application development, you'll make the end user's experience your priority and we'll make your career growth ours.

At GDIT, people are our differentiators. As a Splunk Integration Engineer you will help ensure today is safe and tomorrow is smarter. Our work depends on the Splunk Integration Engineer joining our team to support the CITS contract for USCENTCOM based in Tampa, Florida.

The Splunk Integration Engineer will play a key role in the design, implementation, and optimization of Splunk as an enterprise platform, supporting SIEM, IT Service Intelligence (ITSI), User Behavior Analytics (UBA), and Application Performance Monitoring (APM) across a multi-domain environment. This role requires hands-on experience with distributed Splunk architecture and a strategic vision for log management, analytics, and service observability across complex mission systems.

HOW A SYSTEMS ENGINEER ADVISOR WILL MAKE AN IMPACT:

• Drive the deployment and ongoing optimization of Splunk components as a core enterprise analytics platform, supporting cybersecurity, IT operations, and business intelligence
• Developing and managing data ingestion pipelines from diverse sources: infrastructure, network, applications, endpoints, and security systems.
• Implementing and tuning ITSI services, KPIs, and glass tables to enhance service visibility and operational resilience.
• Configuring and maintaining UBA policies and models to support insider threat detection and advanced analytics.
• Integrating APM solutions into Splunk for real-time performance insights and troubleshooting across application tiers.
• Building scalable and reusable content: dashboards, alerts, correlation rules, analytics workbooks, and compliance reports.
• Automating workflows and deployments using SOAR, Python, PowerShell, and CI/CD pipelines where applicable.
• Coordinating with mission owners and cross-functional teams to align logging, analytics, and operational needs across domains.
• Maintaining detailed documentation of integration architectures, deployment processes, and system configurations.
• Supporting system upgrades, patching, and performance tuning across the Splunk platform.
• Evaluating and onboarding new data sources to enhance enterprise visibility and threat detection.
• Collaborating with cybersecurity, IT operations, and development teams to integrate Splunk into existing workflows.
• Developing and maintaining custom apps, technology add-ons (TAs), and integration connectors.
• Interfacing with vendors and engineering teams to resolve platform-related issues.
• Supporting metrics-driven decision-making by producing data visualizations and reports for leadership.
• Mentoring junior analysts and engineers in Splunk usage, development, and administration.

WHAT YOU'LL NEED TO SUCCEED:

• Required Experience: 8+ years of related experience
• Required Technical Skills:
  
  • Applicable DoD 8140 or DoD 8570 Certification
  • Deep expertise in Splunk Enterprise, ITSI, UBA, and APM modules
  • Experience designing and supporting Splunk in a multi-domain or cross-network enterprise
  • Proficiency in data onboarding, normalization (CIM compliance), and custom parsing
  • Strong understanding of service health modeling and performance baselining in Splunk ITSI
  • Experience with behavioral analytics, identity telemetry, and insider threat use cases via Splunk UBA
  • Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automation and integration
  • Knowledge of enterprise infrastructure (Windows/Linux/VMware/Cloud) and app telemetry (APM)
  • Ability to produce comprehensive documentation and transition solutions into operations
• Preferred Skills:
  
  • Experience with supporting tools: ForeScout, Trellix, Elastic, ArcSight
  • Familiarity with cloud-native logging, container monitoring, and microservices instrumentation
  • Integration with SOAR, threat intel feeds, or case management systems
  • Knowledge of data privacy, retention, and compliance standards relevant to DoD environments
  • Splunk Core Certified Power User or Architect Certification
  • ITSI Implementation or Observability Suite Certification
  • Experience with USCENTCOM or multi-domain defense networks
  • Familiarity with Zero Trust and enterprise observability frameworks
  • ITIL 4 Foundation Certification
• Location: On Site-Tampa, FL
• Security Clearance Level: TS/SCI clearance required

GDIT IS YOUR PLACE:

• 401K with company match
• Comprehensive health and wellness packages
• Internal mobility team dedicated to helping you own your career
• Professional growth opportunities including paid education and certifications
• Cutting-edge technology you can learn from and and utilize to make a real impact on the world around you.
• Rest and recharge with paid vacation and holidays

#ARMA

#CENTCOMCITS

Work Requirements