Splunk Engineer Jr.

Splunk Engineer Jr.

The Splunk Engineer Jr. is equivalent to a mid-level engineer at the Department of Homeland Security (DHS). DHS Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible to prevent, identify, contain, and eradicate cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP Enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations. Leidos currently has a need for a Splunk Engineer for this highly visible cyber security program supporting Customs and Border Protection (CBP) security operations center (SOC). The Splunk Engineer will support the full system engineering life cycle, including requirements analysis, design, development, implementation, integration, test, and documentation. The Splunk Engineer will follow defined best practices and operational workflows.

Primary Responsibilities:

The Splunk Engineer will provide overall engineering, and administration in supporting a very large distributed clustered Splunk environment consisting of search heads, indexers, deployers, deployment servers, heavy/universal forwarders, and Splunk Enterprise Security premium apps, spanning security, performance, and operational roles. The Engineer should be proficient with recognizing and onboarding new data sources into Splunk, building dashboards, searches, reports, etc. The Splunk engineer should be proficient within a Linux environment, editing and maintaining Splunk configuration files and apps. In addition, the Splunk engineer should be familiar with ansible or other automation tools.

Basic Qualifications:

• A minimum of a Bachelor’s degree with 3-8 years' experience in the Information Technology arena.
• Additional Cyber Security Certifications and experience may be considered in lieu of Bachelor’s degree.
• A combination of 3+ Years experience in Linux, Splunk, Ansible, app interface development, using REST APIs, or other Cyber technologies.
• Ability to follow Change & Configuration Management, utilizing automation tools, such as Git.
• 3+ years of experience in a Splunk role working in a Splunk clustered environment, with experience in Splunk premium app management (Enterprise Security, ITSI).
• Strong problem-solving abilities with an analytic and qualitative eye for reasoning under pressure.
• Self-starter with the ability to independently prioritize and complete multiple tasks with little to no supervision.
• Knowledge of Cloud Services such as AWS, Office365.
• Understanding and usage of Regex.
• Experience with scripting languages, such as Python, Bash, Visual Basic or PowerShell.
• Possess baseline security certification to meet DoD 8570 at IAT II requirements, such as Security +.
• Understanding basic networking principles or Enterprise network design.
• Must be a US Citizen.

Must have at least one of the following certifications:

• Splunk Enterprise Security Certified Admin
• Splunk IT Service Intelligence Certified Admin
• Splunk Cloud Certified Admin
• Splunk SOAR Certified Automation Developer
• Splunk Certified Developer
• Splunk Enterprise Certified Admin
• Splunk Enterprise Certified Architect
• Splunk Core Certified Consultant
• Must have a current or be able to favorably pass a 5-year (BI) Background Investigation to join this program.

Preferred Qualifications:

• Experience in automating Splunk Deployments and orchestration within a Cloud environment.
• Experience with FISMA Systems requirements.
• Experience with Confluence, JIRA, ServiceNow.
• Splunk Certified Developer certification.