Posted today
Top Secret/SCI
Mid Level Career (5+ yrs experience)
$220,000 - $245,000
IT - Software
Reston, VA (On-Site/Office)•Avondale, MD (On-Site/Office)
Position Overview:
The Splunk Engineer supports enterprise-wide monitoring, alerting, and analytics across the customer’s operational and security environments. This position develops and maintains custom Splunk dashboards, visualizations, and alerts that provide actionable insights for NOC and SOC personnel. The engineer ensures data integrity, visibility, and system performance across mission-critical networks and applications supporting government operations. This role bridges IT operations and cybersecurity by delivering analytics solutions that enhance situational awareness, reduce incident response time, and support compliance with NIST 800-171, and DoD 8570 requirements.
Key Responsibilities:
***The job description did not entirely depict the skillset this team is seeking. We need a candidate that has a strong background building "glass tables" within Splunk's ITSI model specifically on the front end visualization side with an understanding of the backend infrastructure.
The main thing we are looking for is UI/UX experience with Splunk using the ITSI framework and experience with "glass-tables" based dashboards. This is not the traditional Splunk engineering role that handles the backend, but rather a Splunk front-end UI/UX role. It does still require solid knowledge of the backend, but that will not be a responsibility in this position, only the creation and maintenance of dashboards and alerting.***
Design, develop, and maintain custom Splunk dashboards, alerts, and reports to support both NOC and SOC operations.
Onboard new data sources including network appliances, servers, security tools, and applications using forwarders, APIs, and syslog integrations.
Implement data normalization using the Splunk Common Information Model (CIM) to support consistent reporting and event correlation.
Develop and optimize SPL queries, regex extractions, and macros for high-performing searches and visualizations.
Configure and tune threshold-based and adaptive alerts for system performance, security, and application availability.
Collaborate with NOC and SOC analysts to define KPIs and ensure accurate visibility into network health and security posture.
Support incident detection, triage, and root cause analysis using Splunk dashboards and search tools.
Monitor and maintain the health and performance of Splunk Enterprise / Splunk Cloud environments.
Integrate Splunk with automation/orchestration tools (e.g., Ansible, ServiceNow, SOAR platforms) for improved workflow efficiency.
Document data source onboarding, dashboard configuration, and analytic processes in accordance with program SOPs.
Qualifications:
Education:
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field; equivalent work experience may be substituted.
Security Clearance:
Active TS/SCI is required to interview.
CI Polygraph is preferred to interview, but is required to start. If you do not possess a CI Polygraph, your start will be delayed until you pass a polygraph.
Experience:
3–5 years of hands-on experience administering, configuring, and developing within Splunk Enterprise or Splunk Cloud environments.
Skills:
Demonstrated experience designing and maintaining custom dashboards, reports, and alerting frameworks.
Strong proficiency in Splunk Search Processing Language (SPL), field extractions, and data model creation.
Familiarity with Linux and Windows server environments, network protocols (TCP/IP, SNMP, syslog), and application log ingestion.
Understanding of NOC/SOC workflows, event correlation, and log management best practices.
Experience troubleshooting data ingestion, indexing, and search performance issues.
Excellent communication, documentation, and collaboration skills.
Certifications:
Active CompTIA Security+, CySA+, CASP+, CISSP, or equivalent DoD 8570 IAT Level II.
Preferred Qualifications:
Current Splunk Core Certified Power User, Admin, or Architect certification.
Experience supporting federal or DoD environments and familiarity with RMF (Risk Management Framework).
Experience with Python scripting, REST APIs, or JSON/XML parsing for custom integrations.
Working knowledge of NIST 800-53/171, and log retention / audit evidence requirements.
Experience with automation, orchestration, or SIEM/SOAR integration.
Key Competencies:
Strong analytical and problem-solving skills.
Ability to work under pressure in mission-critical environments.
Detail-oriented with strong organizational skills.
Self-motivated, adaptable, and able to operate effectively in a team or independently.
Commitment to continuous improvement and innovation in monitoring and analytics capabilities.
Tools & Technologies:
Splunk Enterprise / Cloud, Linux, Windows Server, Cisco and Palo Alto devices, AWS/Azure cloud services, Ansible, ServiceNow, Python, JSON, REST APIs, Syslog, SNMP, SOAR, GitLab CI/CD.
The Splunk Engineer supports enterprise-wide monitoring, alerting, and analytics across the customer’s operational and security environments. This position develops and maintains custom Splunk dashboards, visualizations, and alerts that provide actionable insights for NOC and SOC personnel. The engineer ensures data integrity, visibility, and system performance across mission-critical networks and applications supporting government operations. This role bridges IT operations and cybersecurity by delivering analytics solutions that enhance situational awareness, reduce incident response time, and support compliance with NIST 800-171, and DoD 8570 requirements.
Key Responsibilities:
***The job description did not entirely depict the skillset this team is seeking. We need a candidate that has a strong background building "glass tables" within Splunk's ITSI model specifically on the front end visualization side with an understanding of the backend infrastructure.
The main thing we are looking for is UI/UX experience with Splunk using the ITSI framework and experience with "glass-tables" based dashboards. This is not the traditional Splunk engineering role that handles the backend, but rather a Splunk front-end UI/UX role. It does still require solid knowledge of the backend, but that will not be a responsibility in this position, only the creation and maintenance of dashboards and alerting.***
Design, develop, and maintain custom Splunk dashboards, alerts, and reports to support both NOC and SOC operations.
Onboard new data sources including network appliances, servers, security tools, and applications using forwarders, APIs, and syslog integrations.
Implement data normalization using the Splunk Common Information Model (CIM) to support consistent reporting and event correlation.
Develop and optimize SPL queries, regex extractions, and macros for high-performing searches and visualizations.
Configure and tune threshold-based and adaptive alerts for system performance, security, and application availability.
Collaborate with NOC and SOC analysts to define KPIs and ensure accurate visibility into network health and security posture.
Support incident detection, triage, and root cause analysis using Splunk dashboards and search tools.
Monitor and maintain the health and performance of Splunk Enterprise / Splunk Cloud environments.
Integrate Splunk with automation/orchestration tools (e.g., Ansible, ServiceNow, SOAR platforms) for improved workflow efficiency.
Document data source onboarding, dashboard configuration, and analytic processes in accordance with program SOPs.
Qualifications:
Education:
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field; equivalent work experience may be substituted.
Security Clearance:
Active TS/SCI is required to interview.
CI Polygraph is preferred to interview, but is required to start. If you do not possess a CI Polygraph, your start will be delayed until you pass a polygraph.
Experience:
3–5 years of hands-on experience administering, configuring, and developing within Splunk Enterprise or Splunk Cloud environments.
Skills:
Demonstrated experience designing and maintaining custom dashboards, reports, and alerting frameworks.
Strong proficiency in Splunk Search Processing Language (SPL), field extractions, and data model creation.
Familiarity with Linux and Windows server environments, network protocols (TCP/IP, SNMP, syslog), and application log ingestion.
Understanding of NOC/SOC workflows, event correlation, and log management best practices.
Experience troubleshooting data ingestion, indexing, and search performance issues.
Excellent communication, documentation, and collaboration skills.
Certifications:
Active CompTIA Security+, CySA+, CASP+, CISSP, or equivalent DoD 8570 IAT Level II.
Preferred Qualifications:
Current Splunk Core Certified Power User, Admin, or Architect certification.
Experience supporting federal or DoD environments and familiarity with RMF (Risk Management Framework).
Experience with Python scripting, REST APIs, or JSON/XML parsing for custom integrations.
Working knowledge of NIST 800-53/171, and log retention / audit evidence requirements.
Experience with automation, orchestration, or SIEM/SOAR integration.
Key Competencies:
Strong analytical and problem-solving skills.
Ability to work under pressure in mission-critical environments.
Detail-oriented with strong organizational skills.
Self-motivated, adaptable, and able to operate effectively in a team or independently.
Commitment to continuous improvement and innovation in monitoring and analytics capabilities.
Tools & Technologies:
Splunk Enterprise / Cloud, Linux, Windows Server, Cisco and Palo Alto devices, AWS/Azure cloud services, Ansible, ServiceNow, Python, JSON, REST APIs, Syslog, SNMP, SOAR, GitLab CI/CD.
group id: 90940939
