Splunk Engineer

Zermount seeks an experienced Splunk Engineer to support an enterprise security, operations, and monitoring environment. You will engineer, administer, maintain, and enhance Splunk to ensure performance, scalability, and operational effectiveness, working closely with infrastructure, network, and security teams in a formal change/ticket environment.Responsibilities: Engineer/admin Splunk Enterprise (implement, configure, troubleshoot, patch/upgrade); design/evaluate distributed/clustered architecture and recommend improvements; onboard/ingest/parse/normalize data (network/app/DB/cloud); build/maintain custom parsers, field extractions, data models, and knowledge objects; install/maintain Splunk apps/add-ons; develop SPL searches, alerts, reports, dashboards and improve detections/reporting; monitor/optimize health, connectivity, performance, license use; tuning/capacity planning and daily health checks; lifecycle: major upgrades, patching, backup validation, restore testing, decommissioning; admin Splunk on RHEL (accounts/access controls, certs, .conf management, config backups); troubleshoot ingestion/integration issues and coordinate with teams/vendors; produce technical documentation and architecture/data-flow diagrams; track/report work via tickets/dashboards; provide cross-functional engineering support.Qualifications: 5+ yrs enterprise Splunk engineering/admin (distributed/clustered); strong ingestion/normalization/field extractions/custom parsing; advanced SPL; Linux/RHEL install/config/upgrade/tuning; integrations incl DB Connect + SQL, syslog-ng on RHEL/SELinux, scripting (Python/Bash/PowerShell); Cribl administration and license-reduction strategies; production major upgrades; strong documentation/diagramming.Certs: Required-Splunk Certified Administrator (or higher) AND 1 DoD 8140 IAT Level II baseline security cert. Preferred-Splunk Architect/Core Consultant, Linux admin, Cribl.Clearance: Minimum Background Investigation.

Created: 2026-03-04