Splunk Ingest Engineer

Overview

On Site
80/hr - 100/hr
Full Time

Skills

Google Cloud
Red Hat Enterprise Linux
Amazon S3
Business requirements
Data modeling
Computer science
Information security
Effective communication
Problem solving
Operating systems
Log management
NIST SP 800 Series
Splunk
Software deployment
C
Elasticsearch
Management
SSL
Backup administration
Operations
Amazon Web Services
Policies
Data
HTTP
Database
Collaboration
Administration
Microsoft Windows
Linux
Computer hardware
Network
Automation
Terraform
Ansible
Software development
Scripting
Python
Windows PowerShell
Bash
Golang
JavaScript
SQL
Continuous integration
Continuous delivery
Jenkins
GitHub
Cloud computing
Microsoft Azure
Regulatory Compliance
RHCSA
DoD
FedRAMP
SAP BASIS

Job Details

Splunk Ingest Engineer

As a Splunk Ingest Engineer, you will be entrusted with the critical role of maintaining and expanding our Splunk infrastructure. Your day-to-day responsibilities will include health checks, maintenance, and deployment activities that are crucial for the seamless operation of our Splunk ecosystem.

The company is located in the D.C. Metro area. This position is a 12-month contract-to-hire and will remain 100% remote.

What You Will Be Doing:
  • Perform daily health checks to ensure optimal performance and security of the deployed Splunk infrastructure.
  • Carry out routine maintenance activities, including:
    • Applying OS patches and upgrades to ensure system integrity.
    • Upgrading Splunk Enterprise and associated apps, including Splunk Enterprise Security (ES)
    • Managing SSL certificates for secure communications
    • Conducting regular backups and restoration operations when necessary
  • Deploy new Splunk infrastructure and AWS services, involving:
    • Scaling Splunk Indexer Cluster and Search Head Cluster
    • Server resizing to meet operational demands.
    • Configuration of AWS resources such as S3 buckets, Load Balancers, Security Groups, and IAM Roles and Policies
  • Implement new Splunk configurations, including:
    • Custom app development tailored to business requirements.
    • Creation and management of indexes utilizing SmartStore technology.
  • Oversee the deployment and maintenance of log ingest mechanisms:
    • Manage Universal Forwarders and Deployment Server operations.
    • Configure props/transforms for data parsing and enrichment.
    • Integrate HTTP Event Collector (HEC) for data ingestion.
    • Monitor files, databases, and other data sources using tools like DB Connect and syslog/SC4S.
    • Ensure log ingest processes are compliant with the Common Information Model (CIM) and facilitate Data Model Acceleration.

Required Skills & Experience:
  • Bachelor's degree in Computer Science, Information Security, or related field or equivalent professional experience
  • Effective communication and collaboration skills
  • Problem-solving skills and the ability to think strategically about security.
  • Continuous learning mindset to stay updated with the rapidly evolving cyber threat landscape.
  • Minimum 3 years of hands-on experience in Splunk Administration
  • The following ideal core competencies and experience should position candidates for success in the NS2 environments:
    • Windows and Linux operating system administration
    • Hardware, software, and network-level troubleshooting
    • Automation via Infrastructure as Code (IaC), e.g., Terraform, Ansible, etc.
    • Programming/scripting experience, e.g., Python, PowerShell, Bash, Golang, C, JS, SQL, etc.
    • Log management and parsing strategies
    • CI/CD pipeline experience, e.g., Jenkins, Concourse, GitHub Actions, etc.
    • Cloud Platforms, e.g., AWS, Azure, Google Cloud Platform
    • Familiarity with security compliance frameworks and regulations such as NIST 800-171 or 800-53

Desired Skills & Experience:
  • Splunk Architect certification
  • Splunk Administrator certification
  • Red Hat Enterprise Linux certifications, such as RHCSE or RHCSA
  • Cloud provider (AWS, Azure, Google Cloud Platform) certifications
  • Prior DoD or FedRAMP experience

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn't provide sponsorship.

About Motion Recruitment Partners, LLC