SPLUNK ENGINEER
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR
Zermount is seeking an experienced Splunk Engineer to support our client's enterprise security operations and monitoring environment. This role is responsible for the engineering, ongoing administration, maintenance, and enhancement of our client's Splunk environment, ensuring performance, scalability, and operational effectiveness.
The ideal candidate brings proven operational experience in Splunk engineering and data ingestion, strong experience working within structured change management environments, and the ability to collaborate across infrastructure, network, and security teams.
RESPONSIBILITIES
- Engineer, implement, configure, administer, maintain, upgrade, patch, and troubleshoot the Splunk Enterprise platform in accordance with client policies.
- Design and continuously evaluate Splunk architecture to ensure scalability, performance, and alignment with current and future operational requirements; assess existing implementations and recommend enhancements or redesigns.
- Onboard, ingest, parse, normalize, and troubleshoot new and existing data sources, including network traffic, application logs, databases, and cloud platforms.
- Develop and maintain custom data parsers, field extractions, and data models to ensure accurate and efficient data integration across enterprise systems.
- Install, configure, upgrade, and maintain Splunk Apps, Add-ons, and knowledge objects; extend platform functionality to meet operational needs.
- Develop and maintain custom searches, alerts, reports, and dashboards to support internal stakeholders, SOC leadership, and external users; review and enhance detection and reporting capabilities.
- Monitor and optimize Splunk system performance, connectivity, license utilization, and overall platform health; conduct system tuning and capacity planning. Provide daily health check reports to management and stakeholders.
- Perform major version upgrades and support full platform lifecycle management, including patching, backup validation, restoration testing, and decommissioning activities.
- Administer and troubleshoot Splunk infrastructure hosted on RHEL servers, including user account management, access controls, certificate maintenance, logging configuration, and configuration backups.
- Troubleshoot ingestion failures, platform issues, and integration challenges; coordinate with internal teams and external vendors through issue resolution.
- Develop technical documentation, architecture and data flow diagrams, and implementation strategies; participate in design reviews, testing cycles, and change management processes.
- Collaborate with stakeholders and management to define requirements, translate business needs into technical deliverables, and provide accurate status updates.
- Track, manage, and report on work through schedules, tickets (service request, incident), workflows, status reports, dashboards, etc.
- Provide engineering, administrative, and technical support as required to other team members or tools as a member of a cross-functional security engineering team.
QUALIFICATIONS
- 5 years of hands-on experience engineering and administering enterprise Splunk environments, including multi-site, clustered, and distributed architectures.
- Demonstrated expertise in log ingestion, data normalization, field extractions, and custom parser development across diverse data sources (network, application, database, cloud).
- Proficient with Splunk Search Processing Language (SPL), including development of complex searches, alerts, reports, and dashboards.
- Experience installing, configuring, upgrading, and performance tuning Splunk Enterprise in Linux environments (RHEL), including direct configuration of Splunk .conf files.
- Experience integrating Splunk with enterprise security and operational tools, including:
  - Splunk DB Connect and custom SQL queries
  - syslog-ng configuration on RHEL (SELinux environments)
  - Custom integrations using Python, Bash, or PowerShell
- Experience supporting and optimizing distributed data pipelines, including administration of Cribl deployments and strategies to manage and reduce Splunk license consumption.
- Experience performing major version upgrades and lifecycle management activities within production environments.
- Experience operating within formal change management and ticket-driven workflows.
- Ability to produce technical documentation, architecture diagrams, and implementation artifacts.
EDUCATION / CERTIFICATION(S)
- Required: A minimum of Splunk Certified Administrator certification or higher AND at least one IT security certification reflected on the DOD 8140 IAT Level II baseline.
- Preferred: The following additional certifications are preferred but not required: Splunk Certified Architect or Splunk Core Consultant; Linux Administration and Cribl certification.
CLEARANCE
- Minimum Background Investigation
HOURS OF OPERATIONS
- 8:00 am ET to 4:00 pm ET
- After-hours support may be required to support emergency changes or system outages.
Required Experience:
IC