Job Description
Our client is seeking a Senior Splunk Engineer to support a federal cybersecurity
architecture opportunity. This Key Personnel role, which is for a proposal opportunity,
will support enterprise SIEM operations, Splunk architecture, data ingestion, dashboards,
alerting, analytics, secure configuration, and performance optimization in a complex
Government environment.
Primary Responsibilities
• Architect, deploy, operate, and maintain enterprise Splunk infrastructure.
• Support SIEM data ingestion, indexing, normalization, dashboarding, alerting, and
operational reporting.
• Develop dashboards and visualizations for security, operations, and mission
stakeholders.
• Manage Splunk configurations, search/index clusters, data models, alerts, reports,
saved searches, and knowledge objects.
• Support account/access management, server management, monitoring, patching,
Splunk version upgrades, and app/add-on maintenance.
• Improve log source coverage and quality across enterprise systems and
applications.
• Use scripting and automation to improve SIEM operations and support security
analytics.
• Support federal cybersecurity standards, secure configuration, and audit-ready
documentation.
Qualifications
Required Qualifications
• Candidates must be willing and able to work as Ashburn W-2 employees. 1099 and
corp-to-corp arrangements are not permitted for these roles.
• DHS EOD / suitability is required.
• 10+ years of experience designing, implementing, and maintaining Splunk
architecture across diverse Government or similarly complex enterprise
environments.
• Experience supporting Splunk across Windows, Linux, Solaris, and macOS
environments.
• Hands-on expertise with core Splunk components: Indexer, Search Head, Deployer,
Deployment Server, License Master, Heavy Forwarder, Universal Forwarder.
• Experience with Splunk authentication methods such as LDAP and SAML.
• Experience managing Splunk indexer and search clusters.
• Experience configuring Splunk through configuration files and implementing
policies, procedures, and standards for secure and efficient Splunk operations.
• Advanced ability to use Splunk to extract, transform, analyze, and visualize data for
actionable security and operational insights.
• Experience developing advanced Splunk queries, dashboards, reports, alerts, and
data models.
• Experience conducting application performance and capacity analysis.
• Advanced scripting experience using Shell, Python, JavaScript, XML, CSS, or
equivalent tools.
• Experience configuring data collection applications such as Splunk DB Connect and
the Splunk App for AWS.
• Experience deploying or supporting Splunk Cloud services on AWS.
Preferred / Strongly Desired Qualifications
• Prior DHS, DOD / DOW, or federal civilian cybersecurity program experience.
• Experience supporting large, multi-datacenter Splunk clusters.
• Experience improving log coverage, log quality, data source onboarding,
dashboards, anomaly detection, and security analytics.
• Splunk certifications strongly preferred.
• Experience working in DevSecOps, cybersecurity operations, or enterprise security
architecture environments.