Splunk Engineer/Admin

• Splunk Administration & Engineering:
• Design, implement, and support Splunk core components, including indexers, forwarders, search heads, and cluster managers.
• Configure and administer Splunk ingestion and forwarding for new and existing applications and data sources.
• Troubleshoot Splunk data flow issues between various core components.
• Optimize search-time performance, log ingestion, and field extractions.

• SIEM & Network Security Monitoring:
• Support monitoring systems for auditing, incident response, and system health.
• Create custom dashboards and analytics within SIEM tools to improve visibility into security events.
• Configure and deploy data collection solutions across multiple operating systems and networking platforms.
• Troubleshoot network security logs and log feed issues from different sources.
• Collaboration & Agile Development:
• Work alongside cybersecurity teams to enhance SIEM capabilities and improve incident response workflows.
• Participate in an Agile development environment, contributing to the continuous improvement of security monitoring solutions.
• Travel up to 25% of the time (if not located in Maryland).
  Required Qualifications:
   Security Clearance: TS/SCI w/ FS Poly (Must have FS Poly within the last 5 years – No CCAs)
  Experience: At least 2 years working with one or more of the following:
  • Splunk, StealthWatch, TripWire, Zenoss, ArcSight
     Splunk Expertise:
  • Splunk Certified Admin preferred (or extensive hands-on Splunk experience)
  • Strong knowledge of Splunk architecture, including indexers, forwarders, search heads, and cluster managers
  • Experience troubleshooting Splunk ingestion, forwarding, and data processing
     SIEM & Security Monitoring Experience:
  • Experience with incident response workflows in a SIEM environment
  • Understanding of network components, protocols, ports, and security event logging
    Technical Troubleshooting Skills:
  • Ability to resolve log feed issues, search-time inefficiencies, and field extractions
  • Strong analytical skills to diagnose data and security event issues
  Preferred Qualifications:
  Education: Bachelor’s Degree in Computer Science, Engineering, Information Assurance, or a related field
  Certifications:
  • Splunk Certified Admin (highly preferred)
  • Security Certification
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Cyber Threat Intelligence Certification (GCTI)
  • Other cybersecurity certifications or formal SIEM training
     Additional Experience:
  • Security Operations Center (SOC) experience
  • Data visualization expertise for improved SIEM dashboarding
  • Experience developing workflows for incident response
  • Agile development experience
  Why Join Us?
   Mission-Driven Work – Play a key role in national security and cyber defense operations
  Career Growth – Gain hands-on experience with cutting-edge SIEM tools
  High-Security Environment – Work with classified networks and sensitive security data
  Innovative Team – Collaborate with top-tier cybersecurity professionals
  Competitive Market Rate – Compensation based on experience and skillset
  If you're a Splunk expert looking to make an impact in cybersecurity and network defense, apply today! 
  
   
  
  Ref: #850-Rockville (ALTA IT)

Salary : $150,000 - $200,000