Today
Secret
Unspecified
Unspecified
Annapolis Junction, MD (On-Site/Office)
Position Title: Lead Splunk Engineer Architect
Position Type: Onsite
Location: Annapolis Junction, MD
Clearance: TS/SCI
Responsibilities
Qualifications
Desired
Position Type: Onsite
Location: Annapolis Junction, MD
Clearance: TS/SCI
Responsibilities
- Provide Splunk support for design, architecture, development, unit test, deployment, installation, configuration, integration, operation, and maintenance
- Redesign an enterprise Splunk environment using industry practices along with cluster environments or multi-tenant environments.
- Experience in the design and upgrade of Splunk in the cloud and on-premises environments to include architecting search head, indexer, universal forwarder, and heavy forwarder instances needed to service the expanding enterprise demand expected on the Splunk System as cross organizational use cases emerge
- Drive complex security focused Splunk deployments, including architecting, implementing, and integrating with a current or planned customer security and monitoring strategy to include advanced products like Enterprise Security.
- Build Splunk dashboards that take inputs from various data sources such as application logs, operating system logs, middleware logs, network feeds, etc.
- Utilize Splunk to develop data requirements, data catalog(s), data descriptions, data sources, and data formatting to ensure that security controls can be measured and managed across on-premises and cloud IT services
- Turn data into action with intelligent analytics and clear insights. Define raw input requirements to support data models as well as final outputs required to ensure Department personnel can assess the security status of computing systems and produce readable, understandable summary reporting
- Expertise in Lookup Tables, CSV, and Summary Indexes.
- Inventory and assess data sources and inputs and ensure this data is prioritized and properly formatted for Splunk ingest and report generation.
- Build Splunk dashboards that take inputs from vendor tools such as Tenable, Trellix, Cisco, Microsoft, etc.
Qualifications
- Proven experience in a Splunk Architect role.
- Strong understanding of Splunk architecture, components, and deployment options.
- Proficiency in Splunk Search Processing Language (SPL) for creating complex search queries and reports.
- Experience with Splunk data ingestion methods, including forwarders, HTTP Event Collector (HEC), and scripted inputs.
- Five years of experience with planning, designing, deploying, and configuring Splunk in cloud, virtual, and physical environments.
- Solid understanding of IT infrastructure, including networking, operating systems, and security principles.
- Excellent problem-solving skills and attention to detail.
- Strong communication and collaboration abilities.
- Splunk Architect is required.
- Splunk Certified Administrator certification required.
- 8140/8570 IAT Level III certification required
- Must have a current DoD 8570.1-M/8140 IAT Level III certification
Desired
- Experience with installing Enterprise Security, SOAR, and Qmulos
- Familiarity with Syslog servers
- System administrator
- Network administrator
- Experience with Linux and Windows
group id: 91113162
