Splunk Engineer

2 days ago


Springfield, United States FEDITC - Federal IT Consulting Full time

FEDITC, LLC is a fast-growing business supporting DoD and other intelligence agencies worldwide. FEDITC develops mission critical national security systems throughout the world directly supporting the Warfighter, DoD Leadership, & the country. We are proud & honored to provide these services.


Overview of position:

FEDITC is seeking a Network Engineer – Senior in the DHS HQ (TSA Springfield, VA), Stennis Data Center, or CONUS - Telework Authorized, Remote Hybrid


Primary Responsibilities

  • Design, configure, and maintain Splunk infrastructure to support security monitoring, data analytics, and operational efficiency.
  • Develop and manage Splunk dashboards, alerts, reports, and visualizations that provide actionable insights for security operations and compliance auditing.
  • Optimize Splunk queries (SPL) to meet agency-specific requirements for real-time monitoring, threat detection, and log analysis.
  • Ensure timely onboarding of new data sources into Splunk, ensuring compliance with government data management and retention policies.
  • Collaborate with internal cybersecurity, IT, and SOC teams to support threat hunting, incident response, and root-cause analysis using Splunk.
  • Troubleshoot and resolve issues related to Splunk performance, indexing, and data accuracy, with a focus on maintaining compliance with government security standards (e.g., NIST, FISMA, CMMC).
  • Manage Splunk upgrades, patches, and configuration changes in accordance with Change Management policies and procedures.
  • Assist in maintaining Splunk environments in both on-premises and cloud-based government environments.
  • Produce detailed documentation of system configurations, workflows, and processes for compliance audits and security reviews.
  • Support the automation of incident detection and response processes through Splunk integrations with security orchestration tools.
  • Create, manage, and support automation solutions for Splunk deployment and orchestration within a Cloud environment.
  • Work closely with senior engineers, other team members and application owners to solve technical problems at the network, system and application levels.
  • Conduct periodic architectural reviews of installed sensors to assess effectiveness and propose optimal installation alternatives as required.
  • Conduct network security architecture reviews to determine the size and placement of intrusion monitoring equipment during the customer onboarding process.
  • Documentation and reporting, along with presentation, teamwork and DHS-wide collaboration, are among the expected duties and mission of the task order.
  • Build, implement and administer Splunk in Windows and Linux environments.
  • Conceptualize, Design, Build, and Maintain current and future NOSC supported tools and platforms


Preferred Qualifications

  • 5 years or more of experience in Splunk engineering, administration, and data integration within government or highly regulated environments.
  • Strong knowledge of Splunk SPL (Search Processing Language) to build complex queries and optimize data extraction.
  • Experience with integrating, normalizing, and managing log data from various sources, including network devices, servers, cloud services, and security tools.
  • Familiarity with federal security frameworks and regulations (e.g., NIST, FISMA, CMMC, FedRAMP).
  • Hands-on experience with Splunk Enterprise Security (ES) and developing security use cases for monitoring and incident detection.
  • Strong understanding of network security principles, operating systems (Windows, Linux), and cybersecurity tools commonly used in government environments.
  • Ability to troubleshoot and resolve issues related to system performance, log ingestion, and Splunk search efficiency.
  • Experience working with cross-functional teams, including IT, security operations, and compliance.
  • Proficiency managing Splunk using the Splunk command-line interface and config files
  • Experience onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP and modular inputs from a variety of sources.
  • Proficiency onboarding data using Splunk developed add-ons for Windows, Linux, and common third-party devices and applications
  • Experience collaborating with separate engineering teams to configure data sources for Splunk integration
  • Experience in Linux, Windows and SQL/ODBC interfaces
  • Proficiency implementing and onboarding data in Splunk DB Connect
  • Experience performing Splunk systems administration, including installation, configuration, monitoring of system performance and availability, upgrades, and troubleshooting
  • Experience developing XML, Bash, JavaScript, Python, Perl, and PowerShell scripts
  • General networking and security troubleshooting (firewalls, routing, NAT, etc.)
  • Splunk architecture/design, implementation, and troubleshooting experience
  • Experience in managing, maintaining, and administering multi-site indexer cluster
  • Scripting and development skills (Bash, Python, or Java) with strong knowledge of regular expressions
  • Proficiency developing log ingestion and aggregation strategies per Splunk best practices
  • Proficiency normalizing data to Splunk Common Information Model (CIM)
  • Experience implementing and optimizing Splunk data models
  • Expertise developing security-focused content for Splunk, including creation of complex threat detection log and operational dashboards
  • Perform integration activities to configure, connect, and pull data with 3rd party software APIs.
  • Ability to autonomously prioritize and successfully deliver across a portfolio of projects
  • Undertakes day-to-day operational and user support
  • Must be willing to participate in rotating on-call support (24/7/365) for night, weekend, and holiday issues.
  • Knowledge of scripting languages (e.g., Python, Bash) for automating tasks and streamlining Splunk processes.
  • Experience with cloud environments (e.g., AWS GovCloud, Azure Government) and their integration with Splunk.
  • Experience with automation tools (e.g., Ansible, Puppet) in government infrastructure.
  • Familiarity with SIEM solutions and security orchestration tools (e.g., Swimlane, Phantom, Demisto) to enhance incident response capabilities.


Experience/Years of Relevant Experience:

  • Excellent verbal and written communication skills
  • Ability to meet deadlines and work independently.
  • Required Experience 5 years.


Education:

  • BA / BS in a Science, Technology, Engineering, Cybersecurity Management field


Certifications (Not Required):

  • CISSP (Certified Information Systems Security Professional)
  • CompTIA Security+
  • ITIL Foundations
  • Experience with Agile-based project management (primarily Kanban)


Software/Hardware Experience Desired

  • Splunk certifications (e.g., Splunk Core Certified Power User, Admin, Architect).
  • Current Splunk Enterprise Certified Architect certification


Security Clearance:

  • Must be able to attain/maintain DHS EOD clearance.
  • Must be a US Citizen and pass a background check.
  • Maintain applicable security clearance(s) at the level required by the client and/or applicable certification(s) as requested by FEDITC and/or required by FEDITC Client(s)/Customer(s).


FEDITC, LLC. is committed to fostering an inclusive workplace and provides equal employment opportunities (EEO) to all employees and applicants for employment. We do not employ AI tools in our decision-making processes. Regardless of race, color, religion, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran, FEDITC, LLC. ensures that all employment decisions are made in accordance with applicable federal, state, and local laws. Our commitment to non-discrimination in employment extends to every location in which our company operates.


