Splunk Engineer

Ashburn Consulting, Camp Springs, MD
$170,000 - $195,000, Onsite

About The Position

Ashburn is seeking a Senior Splunk Engineer to support a federal cybersecurity architecture opportunity. This Key Personnel role will support enterprise SIEM operations, Splunk architecture, data ingestion, dashboards, alerting, analytics, secure configuration, and performance optimization in a complex Government environment for a proposal opportunity.

Requirements

  • Candidates must be U.S. citizens.
  • Candidates must be willing and able to work as Ashburn W-2 employees. 1099 and corp-to-corp arrangements are not permitted for these roles.
  • DHS EOD / suitability is required.
  • 10+ years of experience designing, implementing, and maintaining Splunk architecture across diverse Government or similarly complex enterprise environments.
  • Experience supporting Splunk across Windows, Linux, Solaris, and macOS environments.
  • Hands-on expertise with core Splunk components: Indexer, Search Head, Deployer, Deployment Server, License Master, Heavy Forwarder, Universal Forwarder.
  • Experience with Splunk authentication methods such as LDAP and SAML.
  • Experience managing Splunk indexer and search clusters.
  • Experience configuring Splunk through configuration files and implementing policies, procedures, and standards for secure and efficient Splunk operations.
  • Advanced ability to use Splunk to extract, transform, analyze, and visualize data for actionable security and operational insights.
  • Experience developing advanced Splunk queries, dashboards, reports, alerts, and data models.
  • Experience conducting application performance and capacity analysis.
  • Advanced scripting experience using Shell, Python, JavaScript, XML, CSS, or equivalent tools.
  • Experience configuring data collection applications such as Splunk DB Connect and the Splunk App for AWS.
  • Experience deploying or supporting Splunk Cloud services on AWS.

Nice To Haves

  • Prior DHS, DOD / DOW, or federal civilian cybersecurity program experience.
  • Experience supporting large, multi-datacenter Splunk clusters.
  • Experience improving log coverage, log quality, data source onboarding, dashboards, anomaly detection, and security analytics.
  • Splunk certifications strongly preferred.
  • Experience working in DevSecOps, cybersecurity operations, or enterprise security architecture environments.

Responsibilities

  • Architect, deploy, operate, and maintain enterprise Splunk infrastructure.
  • Support SIEM data ingestion, indexing, normalization, dashboarding, alerting, and operational reporting.
  • Develop dashboards and visualizations for security, operations, and mission stakeholders.
  • Manage Splunk configurations, search/index clusters, data models, alerts, reports, saved searches, and knowledge objects.
  • Support account/access management, server management, monitoring, patching, Splunk version upgrades, and app/add-on maintenance.
  • Improve log source coverage and quality across enterprise systems and applications.
  • Use scripting and automation to improve SIEM operations and support security analytics.
  • Support federal cybersecurity standards, secure configuration, and audit-ready documentation.

Benefits

  • Equal Opportunity Employer/Veterans/Disabled. An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status.
  • Ashburn Consulting is an Equal Opportunity Affirmative Action Employer.
  • In compliance with the Americans with Disabilities Act Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with Ashburn Consulting, please e-mail [email protected].