Job Description
THIS POSITION REQUIRES US CITIZENSHIP!
This is a full-time hybrid remote position located in Washington, DC.
2HB is seeking a talented Splunk Engineer to join our team. The Splunk Engineer will install and maintain Splunk infrastructure, gather requirements from customers, onboard data, and assist end users with search, dashboards, reports, and knowledge objects.
Primary Responsibilities
Manage multiple assignments and changing priorities, and work independently with little oversight
Build, implement, and administer Splunk in Windows and Linux environments
Work with existing and custom Splunk applications and add-ons to fulfill customer needs
Provide operations and maintenance support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles
Edit and maintain Splunk configuration files and apps
Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources.
Provide operational support for Splunk Universal Forwarder on Linux and Windows endpoints
Manage and support automation solutions for Splunk deployment and orchestration in on-premise and cloud environments
Documentation, reporting, presentation, teamwork, and DHS-wide collaboration are among the expected duties and mission of the task order
Basic Qualifications
Bachelor’s degree in Computer Science, Engineering, or a related field and a minimum of eight (8) years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in Cybersecurity
Four (2) years of experience with Splunk in distributed deployments
At least one of the following certifications: CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CCSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX
Excellent written and oral skills, ability to work closely with multiple customers, manage expectations and track engagement scope
Experience with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms
Proficient at data on-boarding activities including routing, parsing, and normalizing events to the Splunk Common Information Model (CIM)
Proficiency onboarding data using Splunk developed add-ons for Windows, Linux, and common third-party devices and applications
Experience onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources
Proficiency managing Splunk using the Splunk command-line interface
Proficiency managing Splunk using configuration files
Experience collaborating with separate engineering teams to configure data sources for Splunk integration
Proficiency implementing and onboarding data in Splunk DB Connect
Experience with Splunk performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting
General networking and security troubleshooting (firewalls, routing, NAT, etc.)
Splunk implementation and troubleshooting experience
Experience in managing, maintaining, and administering a multi-site indexer cluster
Proficiency developing log ingestion and aggregation strategies per Splunk best practices
Perform integration activities to configure, connect, and pull data with 3rd party software APIs
Proficient in regular expressions
Ability to autonomously prioritize and successfully deliver across a portfolio of projects
DHS Entry on Duty (EOD) is required to support this program
Preferred Qualifications
Experience working in Azure
Experience with GitLab or GitHub or other version control system
Scripting and development skills (Bash, Python, and PowerShell)