Job Description

Everforth ECS is seeking a Sr. Splunk Engineer to join our team remotely.
This position is contingent upon contract award. Are you passionate about designing, scaling, and operating Splunk environments and eager to make an immediate technical impact? Join ECS, a leading provider of cloud, AI, data, and enterprise transformation solutions. In this role, you will implement, optimize, and maintain large-scale Splunk platforms while contributing to architecture, automation, and client-facing solutions that improve reliability, performance, and operational efficiency.
We are seeking a Sr. Splunk Engineer to join our Professional Services team. The ideal candidate has deep, hands-on experience with Splunk Enterprise and/or Splunk Cloud and enjoys working directly with customers to design, deploy, and optimize complex observability and SIEM platforms. You will collaborate with cloud, DevOps, security, and client stakeholders to deliver high-quality Splunk solutions across a variety of enterprise and federal environments.
Key Responsibilities
- Design, deploy, and maintain Splunk Enterprise and Splunk Cloud environments, including indexers, search heads, forwarders, and management components.
- Lead customer-facing implementations of Splunk for observability, security monitoring, compliance, and operational intelligence.
- Develop and optimize data onboarding, ingestion pipelines, indexing strategies, SPL searches, dashboards, alerts, and correlation searches.
- Design and implement Splunk use cases aligned to customer requirements and mission outcomes.
- Write scripts, automation, and integrations (Python, PowerShell, Bash, etc.) to improve data ingestion, enrichment, monitoring, and platform operations.
- Deploy and operate Splunk across on-premises, public cloud (AWS, Azure, Google Cloud Platform), GovCloud, and hybrid environments.
- Automate deployments and environment management using Terraform, Ansible, CI/CD pipelines, and infrastructure-as-code practices.
- Integrate Splunk with enterprise and security tooling, including endpoint, identity, cloud, and network telemetry sources.
- Monitor platform health, troubleshoot performance issues, and optimize Splunk environments for scalability, resilience, and cost efficiency.
- Provide technical leadership through architecture design sessions, best-practice guidance, and implementation reviews.
- Create and maintain documentation including solution architectures, deployment patterns, runbooks, and handoff materials.
- Stay current with Splunk features, apps, and emerging observability and SIEM capabilities.
Salary Range: $140,000 - $190,000
Required Skills
- Deep, hands-on expertise with Splunk (Splunk Enterprise and/or Splunk Cloud).
- Strong experience with SPL, data onboarding, indexer/search head architecture, and performance tuning.
- Solid understanding of SIEM, observability, logging, metrics, and distributed systems.
- Experience designing, deploying, and operating production-scale Splunk environments.
- Strong scripting and automation skills (Python, PowerShell, Bash, etc.).
- Experience working in customer-facing or professional services environments.
- Strong Linux/Unix, networking, and cloud platform experience (AWS, Azure, Google Cloud Platform).
- Ability to explain complex technical concepts clearly to both technical and non-technical stakeholders.
- Excellent verbal and written communication skills.
- Willingness and ability to support domestic or international on-site engagements.
- U.S. Passport required.
- Must be eligible to obtain a U.S. Security Clearance.
Desired Skills
- Experience with Splunk Enterprise Security (ES), SOAR, or advanced SIEM use cases.
- Working knowledge of Elastic Stack (Elasticsearch, Kibana, Logstash, Beats) for hybrid environments or comparative architectures.
- Experience with containerization and orchestration (Kubernetes, Docker, OpenShift).
- Experience with automation and configuration management tools (Terraform, Ansible, CI/CD pipelines).
- Familiarity integrating Splunk with endpoint security, cloud-native logging, and telemetry platforms.
Certifications (preferred):
- Splunk Core Certified Power User / Advanced Power User / Enterprise Architect
- Splunk Enterprise Security Certified Admin
- AWS Certified Solutions Architect or equivalent
- Docker Certified Associate (DCA)
- Certified Kubernetes Administrator (CKA)
- HashiCorp Certified: Terraform Associate
- Red Hat Certified Specialist in Ansible Automation
Additional Experience:
- Background in Professional Services, DevOps, SRE, or Cloud Engineering.
- Experience designing dashboards, detection frameworks, and large-scale operational or security workflows.
- Familiarity with adjacent or competing technologies:
  - Splunk (primary)
  - Elastic Stack
  - OpenSearch, Graylog, Datadog, Solr, Lucene, and related platforms
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, or local jurisdiction law.
Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
Meet the challenge. Make a difference with Everforth ECS!