Splunk Engineer

Location: Oak Ridge, TN

Job Title: Splunk Engineer

Career Level From: Specialist

Career Level To: Senior Specialist

Job Specialty: Architecture And Engineering

The Splunk Engineer is responsible for configuring, maintaining, auditing, and customizing Splunk Enterprise clusters to include Splunk Enterprise Security. The Splunk Engineer will manage and support analyst workflows, enrich data for enterprise security, and manage and customize configurations. In addition, the Splunk Engineer configures general settings, manages input credentials and permissions, customizes menus, and configures advanced filtering within the Splunk enterprise environment.

Successful candidates for this role will be expected to stay up to date on the latest cybersecurity threat intelligence sources, and provide subject matter expertise (SME).

• Implements and maintains Splunk platform infrastructure (multi-cluster) and relevant configurations.
• Staffs help desk for Splunk platform system-related assistance and undertakes day-to-day operational and user support – as it relates to the administration of configuration items of the Splunk servers and Splunk SIM/SIEM software.
• Develops and customizes Splunk system core “splunkd” components, apps and dashboards and implements integration with external systems.
• Builds advanced visualizations and manages data onboarding and defining configurations.
• Builds data models and performs data interpretation, classification, and enrichment.
• Experience with data entity relationship diagrams, ontologies and relationship definitions.
• Manages knowledge objects (fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, and so on) – through automations, scripting, management server functions; to include .conf and .cfg files in scope of the last four Splunk Enterprise versions.
• Configures summary-based reports and data model acceleration
• Leveraging SPL, Python, Python libraries, Adobe Acrobat, .PDF and .CSV file types.
• Executes new projects as well as data and user onboarding.
• Designing and developing an automations workflow and dashboard interface for such.
• Creates operations documentation for maintaining the Splunk infrastructure.
• Uses tools such as CRIBL to pre-process data to be ingested by Splunk

• Meaningful work and unique opportunities to support missions vital to national and global security
• Top-notch, dedicated colleagues
• Generous pay and benefits with a stable organization
• Career advancement and professional development programs
• Work-life balance fostered through flexible work options and wellness initiatives

• Bachelor's degree in a relevant discipline with a minimum of 5 years of relevant experience OR a Master's degree in a relevant discipline with a minimum of 3 years of relevant experience.
• Thirteen or more years of relevant education, training, and/or progressive experience may be considered to satisfy educational and years-of-experience requirements for this posting.

• Masterful experience with Splunk Enterprise architecture components and supporting instances such as heavy and light forwarder nodes, load balancing, license management, configuration deployment manager, and centralized automations for distributed Splunk cluster architectures.
• Strong understanding of Splunk platform configuration, web UI and Common Information Model, .cfg and .conf files.
• Experience with Splunk Search Processing Language (SPL and SPL2), sub-searches and sub-queries or batch commands to include native functions to include use of Python and Python libraries.
• Knowledge of Splunk solution expert as well as Splunkbase.
• Knowledge of Windows AND
  * nix systems administration
• Strong Networking background and familiarity with common infrastructure technologies and can demonstrate applicable knowledge in tuning Splunk Architecture to meet the maximum performance characteristics of the topology limits.
• Experience with Windows and “Nix operating systems supporting the Splunk Enterprise daemons of which performance settings is expected second nature; thereby allowing most secure and performant Splunk systems environment.
• Strong…