Senior Splunk Engineer

Description Job Description:Looking for an opportunity to support cyber security efforts with national impact? The Enterprise and Cyber Solutions Operation at Leidos currently has an opening for a Senior Splunk Engineer to work at the White House Communications Agency on Joint Base Anacostia-Bolling. Our team supports our customer''s mission critical operation to protect the Presidential Information Technology Community networked systems and services from cyber threats. The Senior Splunk Engineer will maintain Splunk infrastructure, gather requirements from customers, onboard data, and assist end users with searches, dashboards, reports, and knowledge objects. The Senior Splunk Engineer may be required to interact with senior management, as necessary.This is a hybrid position allowing 25% telework with 75% of the time spent on-site at JBAB. An active TS/SCI is required to start.Primary ResponsibilitiesImplement best practices engineering strategies to support a distributed clustered Splunk environment consisting of Search Heads, Indexers, Forwarders, Splunk Enterprise Security (ES) app spanning security, performance, engineering, and operational rolesWork closely with other teams and business stakeholders to design automated solutions for performance, privacy, and complianceBe the engineering voice in helping recognize and onboard new data sources into Splunk, analyze the data for anomalies and trends, and building dashboards highlighting the key trends of the dataWork closely with other teams and business stakeholders to gather requirements, perform troubleshooting, and provide assistance with the creation of Splunk search queries and dashboardsDevelop solutions for profiling, monitoring, reporting and testing on the platformEnable integration of Splunk Core and Splunk ESConfigure incident response and remediation workflows for ESNormalize data to ensure CIM compliance, and develop data models to accelerate queries, dashboards, and correlation searchesWork closely with all relevant stakeholders to solve technical problems at the network, system, and application levelsDevelop and implement applications & knowledge objects (KO) like dashboards, reports, and data modelsProvide analyst training and workshops on using Splunk for multiple networksConduct periodic architectural reviews of Splunk and related systems to assess effectiveness and propose optimal installation alternatives as requiredDevelop and manage comprehensive documentation, artifacts, procedures, and processes for the optimal management of the Splunk infrastructureBasic QualificationsMust be able to pass Yankee White clearance processing prior to start.Current DoD TS/SCI security clearance.Bachelor''s degree in Computer Science, Engineering, or a related field and a minimum of 12+ years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in CybersecurityEight (8) years of experience with Linux and Windows system administration or an advanced understanding of operating systems and common operating environmentsFive (5) years of experience administering Splunk in distributed deploymentsExcellent written and verbal communication skills, ability to work closely with multiple customers, manage expectations and track engagement scopeProficient at data on-boarding activities including routing, parsing, and normalizing events to the Splunk Common Information Model (CIM)Proficient onboarding data using Splunk add-ons for Windows, Linux, and common third-party devices and applicationsExperience onboarding data into Splunk via forwarder, scripted inputs, and modular inputs from a variety of sourcesExperience with Splunk performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshootingGeneral knowledge of networking and security troubleshooting (firewalls, routing, NAT, etc.)Splunk implementation and troubleshooting experienceProficiency developing log ingestion and aggregation strategies per Splunk best practicesPerform integration activities to configure, connect, and pull data with 3rd party software APIsAbility to autonomously prioritize and successfully deliver resultsMust have a Splunk Certified Architect certificationMust have a DoD 8570 IAT Level II (or Level III) certification (e.g. Sec+ CE)Must have a DoD 8570 CSSP Infrastructure Support certification (e.g. CEH, CySA+, SSCP), OR able to obtain one within 180 days of starting.Pay Range:Pay Range $113,100.00 - $174,000.00 - $234,900.00The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Created: 2025-11-15