Splunk Engineer with Security Clearance

Primary Responsibilities • Conceptualize, Design, Build, and Maintain current and future ESOC supported tools and platforms.• Manage multiple assignments, changing priorities, and work independently with little oversight.• Provide direct support for onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP and modular inputs from sources such as FireEye, BlueCoat proxies, Big IP, Cisco, Palo Alto, host syslogs, etc.• Support all support, guidance and develop processes to evaluate and improve all operating systems, hardware support, software, firmware solutions and provide advisement concerning future purchase of the same.• Create, manage, and support automation solutions for Splunk deployment and orchestration within a Cloud environment.• Work closely with senior engineers, other team members and application owners to solve technical problems at the network, system and application levels.• Conduct periodic architectural reviews of installed sensors to assess effectiveness and propose optimal installation alternatives as required.• Conduct network security architecture reviews to determine the size, and placement of intrusion monitoring equipment during the customer onboarding process.• Conduct periodic reviews of sensor metric reports to evaluate and prioritize sensors for review and assessment.• Assists in interviews to identify and make recommendations for security tools, systems and capabilities to meet customer security requirements.• Documentation and Reporting along with presentation, teamwork and DHS wide collaboration are among the expected duties and mission of the task order.Basic Qualifications • At least three (3) years of experience with Splunk.• Experience onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP and modular inputs from a variety of sources.• General networking and security troubleshooting (firewalls, routing, NAT, etc.)• Splunk architecture/design, implementation, and troubleshooting experience• Experience in managing, maintaining, and administering multi-site indexer cluster• Scripting and development skills (BASH, python, or java) with strong knowledge of regular expressions• Proficiency developing log ingestion and aggregation strategies per Splunk best practices• Expertise developing security-focused content for Splunk, including creation of complex threat detection log and operational dashboards• Perform integration activities to configure, connect, and pull data with 3rd party software APIs.• Ability to autonomously prioritize and successfully deliver across a portfolio of projects• Undertakes day-to-day operational and user support• Department of Homeland Security ESOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.Preferred Qualifications • Splunk Enterprise Security experience• Certified Splunk Architect• Experience with GitLab or GitHub or other version control system• Experience with Ansible tower and/or writing ansible playbooks• Familiarity with multi-tenancy customer support and design

Created: 2025-11-15