Today
Secret
Washington, DC (On-Site/Office)
OVERVIEW:
The CD&M Splunk Engineer serves as a senior technical specialist responsible for designing, developing, and optimizing Splunk-based solutions to support Treasury's enterprise-wide cybersecurity operations under TESIEMS. This position delivers advanced dashboarding, reporting, automation, and analytics capabilities that enable actionable threat detection, incident response, and compliance monitoring across multiple Treasury bureaus. As a senior member of the CD&M Team, the engineer translates mission needs into data-driven Splunk solutions that strengthen Treasury's visibility, resiliency, and security posture.
GENERAL DUTIES:
- Splunk Development & Engineering: Design and develop advanced, multi-tiered Splunk dashboards and visualizations tailored to Treasury SOC mission requirements. Build, customize, and maintain Splunk apps to support specialized operational, compliance, and reporting use cases. Develop and optimize searches, reports, alerts, and correlation rules using expert-level Splunk Processing Language (SPL).
- Content Development & Management (CD&M) Support: Collaborate with CD&M leadership to align Splunk content with enterprise detection strategies, threat intelligence, and compliance frameworks (NIST RMF, FISMA, CCRI, etc.). Create and maintain a library of Splunk dashboards, queries, and knowledge objects that provide standardized, repeatable analytic capabilities. Ensure Splunk content is version-controlled, documented, and integrated into CD&M knowledge repositories.
- Integration & Automation: Develop Python scripts, HTML/XML components, and automation playbooks to extend Splunk functionality, integrate with SOAR platforms, and support workflow automation. Collaborate with engineers to ingest, normalize, and enrich new data sources, ensuring high-quality, high-fidelity security data is available for analysis.
- Operational Excellence: Provide Tier III engineering support for Splunk-related incidents, troubleshooting, and performance optimization. Conduct peer reviews of SPL queries, dashboards, and content developed by junior engineers to ensure quality, accuracy, and efficiency. Perform regular content validation and optimization to maintain scalability and performance across large, distributed Treasury environments.
- Mentorship & Knowledge Sharing: Mentor junior Splunk engineers and analysts, providing training on SPL best practices, dashboard design, and app development. Share expertise across SOC teams, ensuring effective use of Splunk for monitoring, detection, and reporting.
REQUIRED QUALIFICATIONS:
- Demonstrated expertise in Splunk Processing Language (SPL), including advanced query optimization and performance tuning.
- Hands-on experience developing multi-tiered Splunk dashboards and custom Splunk apps. Strong coding and scripting skills in Python, with applied experience in Splunk API integration and workflow automation.
- Experience with HTML/XML for custom visualization and UI enhancements.
- Strong knowledge of data ingestion, parsing, and field extraction to maximize Splunk utility. Familiarity with cybersecurity frameworks (NIST, FISMA, FedRAMP, DISA STIGs) and their application in SOC environments.
- Ability to work in a fast-paced SOC environment, collaborating with content developers, threat hunters, and incident responders.
- 4-7 years of Splunk or SIEM experience. Strong knowledge of data normalization, log ingestion, and indexing pipelines.
- Experience with SOAR automation and Splunk content development. Three (3) years of additional experience in lieu of degree.
- Bachelor's degree from an accredited institution in an area applicable to the position, such as Cybersecurity, Computer Science, Information Systems, or a related discipline.
- Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Certified Admin/Architect) highly preferred.
DESIRED QUALIFICATIONS:
- Relevant certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or CompTIA Cybersecurity Analyst (CySA+), are highly desirable.
CLEARANCE:
- Secret minimum