SIEM Data Onboarding Engineer - TS​/SCI CI Poly

The Splunk Engineer is responsible for managing and enhancing our Splunk environment to ensure seamless data ingestion, analysis, and visualization. This role demands a deep understanding of Splunk architecture, data onboarding, and user management to support business needs and security operations.

• Design, deploy, and manage Splunk infrastructure
• Develop and maintain Splunk dashboards, queries, and alerts
• Integrate Splunk with various data sources to ensure comprehensive data ingestion
• Monitor and troubleshoot Splunk performance issues
• Collaborate with cross‑functional teams to gather requirements and provide Splunk solutions
• Implement and enforce best practices for Splunk data management and retention
• Provide user training and support for Splunk‑related activities

• 2+ years of experience in managing and configuring Splunk, 2+ years of experience in Splunk architecture: indexers, search heads, forwarders, deployment server and 1+ year with Splunk REST API for automation and operational tasks
• 2+ years configuring Cribl sources, destinations, routes and collectors
• 2+ years building pipelines to parse, normalize, enrich, mask/dedup, and route data to Splunk and other targets and
• 2+ years authoring/maintaining props.conf, transforms.conf, inputs.conf, outputs.conf and packaging Apps/TAs
• 2+ years in Linux and Windows administration: file paths, services, permissions, and log locations
• 1+ year with basic familiarity with Cribl Redmap/JavaScript functions
• 1+ year with regex skills for field extraction and event breaking
• Active TS/SCI clearance; willingness to take a polygraph exam
• Associate’s degree and 5+ years of experience supporting IT projects and activities, OR Bachelor’s degree and 3+ years of experience supporting IT projects and activities, OR Master’s degree and 1+ years of experience supporting IT projects and activities, OR 10+ years of experience supporting IT projects and activities in lieu of a degree
• DoD 8570 IAT Level II certification, including Security+ CE, CCNA‑Security, GSEC, SSCP, CySA+, GICSP, or CND certification
• Must obtain a DoD 8570 Cyber Security Service Provider - Infrastructure Support certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND certification prior to start date

• 1 year experience with DISA STIGs or other organizational hardening standards working in regulated environments
• 2+ years Networking fundamentals: TCP/UDP, TLS, syslog transport, firewall ports and common transport issues
• 2+ years in basic troubleshooting with tools such as tcpdump/wireshark, basic vi/vim usage, setfacl, SELinux
• Knowledge of common log formats: syslog, Windows Event, JSON, CSV, XML
• Proficient in SPL for validation, troubleshooting and basic dashboards.
• Experience with scripting languages such as Python, Bash, or Power Shell
• Strong communication skills
• Load‑Balancer fundamentals
• Knowledge of Git for code version control
• Knowledge of Ansible playbooks
• Knowledge of Python scripting

Essential Network Security (ENS) Solutions, LLC is a service‑disabled veteran owned, highly regarded IT consulting and management firm. ENS consults for the Department of Defense (DoD) and Intelligence Community (IC) providing innovative solutions in the core competency area of Identity, Credential and Access Management (ICAM), Software Development, Cyber and Network Security, System Engineering, Program/Project Management, IT support, Solutions, and Services that yield enduring results.

Our strong technical and management experts have been able to maintain a standard of excellence in their relationships while delivering innovative, scalable and collaborative infrastructure to their clients.

• Free Platinum‑Level Medical/Dental/Vision coverage, 100% paid for by ENS
• 401k Contribution from Day 1
• PTO + 11 Paid Federal Holidays
• Long & Short Term Disability Insurance
• Group Term Life Insurance
• Tuition, Certification & Professional Development Assistance
• Workers’ Compensation
• Relocation Assistance