Senior Splunk Engineer

Virginia

  Splunk - Developer

Contract

Our client, an IT Solutions organization, is hiring a Senior Splunk Engineer to join the team in Virginia on a contract basis. The successful candidate will play a key role in developing secure, scalable, and resilient enterprise Splunk environments in support of critical national security initiatives.

Responsibilities

  • Design, implement and maintain enterprise-scale Splunk environments, integrating CI/CD methodologies for streamlined automation.
  • Leverage Terraform, Ansible and GitLab to build repeatable, scalable infrastructure deployments.
  • Oversee Splunk upgrades and manage core components including Indexers, Search Heads and Universal Forwarders across distributed environments.
  • Ingest, normalize and optimize a wide range of data sources – such as Syslog, HTTP Event Collector (HEC), and APIs – to maximize performance and minimize license impact.
  • Develop and maintain standard operating procedures (SOPs), technical documentation, user guides and custom dashboards to support mission-critical analytics.
  • Implement and maintain security hardening measures, including SSL configuration, STIG compliance and RHEL patching.
  • Work closely with DevOps, Cloud and Security teams to deliver real-time security analytics using Splunk Enterprise Security (ES) and User Behavior Analytics (UBA).
  • Act as a trusted technical liaison, collaborating directly with end users, analysts and government stakeholders to drive Splunk adoption and optimize system performance.

Skillset

  • Active Top Secret/SCI (CI Poly preferred or ability to obtain) is a must.
  • Minimum of 3 years of hands-on experience with Splunk Enterprise, including deployments, upgrades, and data ingestion/onboarding.
  • Proficient in Linux (RHEL/CentOS) and Windows systems administration.
  • Skilled in Infrastructure-as-Code using Terraform and Ansible for automated deployments.
  • Strong scripting abilities with Python or Bash for automation and operational efficiency.
  • Deep understanding of Splunk configuration files such as inputs.conf, props.conf and transforms.conf.
  • Proven experience managing clustered Splunk environments on both bare metal and virtualized infrastructure.
  • Splunk Certified Administrator required; Splunk Certified Architect preferred or in progress.
  • Possession of CompTIA Security+ or other DoD 8570 IAT II compliant certification.
  • Outstanding written and verbal communication skills, with the ability to thrive in a collaborative, agile environment.
