Job Description
Splunk Engineer/Admin
Locations: Annapolis Junction, MD | Alexandria, VA | Aurora, CO | San Diego, CA
Clearance Required: TS/SCI with FS Poly (Sienna) (Must have FS Poly within the last 5 years – No CCAs)
Compensation: $150-$200K
Onsite
Position Overview:
We are seeking a Splunk Engineer/Admin to support mission-critical operations in a high-security environment. The ideal candidate will have hands-on experience with Splunk engineering and administration, as well as other security information and event management (SIEM) tools. This role requires expertise in designing, implementing, and optimizing Splunk environments to support auditing, incident response, and system health monitoring.
If you are a SIEM specialist with a deep understanding of network security, data analysis, and log management, we encourage you to apply!
Key Responsibilities:
- Splunk Administration & Engineering:
  - Design, implement, and support Splunk core components, including indexers, forwarders, search heads, and cluster managers.
  - Configure and administer Splunk ingestion and forwarding for new and existing applications and data sources.
  - Troubleshoot Splunk data flow issues between various core components.
  - Optimize search-time performance, log ingestion, and field extractions.
- SIEM & Network Security Monitoring:
  - Support monitoring systems for auditing, incident response, and system health.
  - Create custom dashboards and analytics within SIEM tools to improve visibility into security events.
  - Configure and deploy data collection solutions across multiple operating systems and networking platforms.
  - Troubleshoot network security logs and log feed issues from different sources.
- Collaboration & Agile Development:
  - Work alongside cybersecurity teams to enhance SIEM capabilities and improve incident response workflows.
  - Participate in an Agile development environment, contributing to the continuous improvement of security monitoring solutions.
- Travel up to 25% of the time (if not located in Maryland).
Required Qualifications:
Security Clearance: TS/SCI w/ FS Poly (Must have FS Poly within the last 5 years – No CCAs)
Experience: At least 2+ years working with one or more of the following:
- Splunk, StealthWatch, TripWire, Zenoss, ArcSight
Splunk Expertise:
- Splunk Certified Admin preferred (or extensive hands-on Splunk experience)
- Strong knowledge of Splunk architecture, including indexers, forwarders, search heads, and cluster managers
- Experience troubleshooting Splunk ingestion, forwarding, and data processing
SIEM & Security Monitoring Experience:
- Experience with incident response workflows in a SIEM environment
- Understanding of network components, protocols, ports, and security event logging
Technical Troubleshooting Skills:
- Ability to resolve log feed issues, search-time inefficiencies, and field extractions
- Strong analytical skills to diagnose data and security event issues
Preferred Qualifications:
Education: Bachelor’s Degree in Computer Science, Engineering, Information Assurance, or a related field
Certifications:
- Splunk Certified Admin (highly preferred)
- Security+ Certification
- GIAC Certified Incident Handler (GCIH)
- GIAC Cyber Threat Intelligence Certification (GCTI)
- Other cybersecurity certifications or formal SIEM training
Additional Experience:
- Security Operations Center (SOC) experience
- Data visualization expertise for improved SIEM dashboarding
- Experience developing workflows for incident response
- Agile development experience
Why Join Us?
Mission-Driven Work – Play a key role in national security and cyber defense operations
Career Growth – Gain hands-on experience with cutting-edge SIEM tools
High-Security Environment – Work with classified networks and sensitive security data
Innovative Team – Collaborate with top-tier cybersecurity professionals
Competitive Market Rate – Compensation based on experience and skillset
If you're a Splunk expert looking to make an impact in cybersecurity and network defense, apply today!
Ref: #850-Rockville (ALTA IT)