Splunk Security Engineer

SMX is seeking a Splunk Engineer responsible for implementing, configuring, and managing Splunk environments to support the organization’s data analytics, security, and operational goals. This role focuses on onboarding new data sources, optimizing search queries, building dashboards and reports, and maintaining the stability of the Splunk infrastructure. The scope of this position includes all Army Intelligence security domains as defined by the Cybersecurity Director, and the Splunk Engineer will verify that all solutions and configurations meet the required security standards and compliance requirements. Additionally, the Splunk Engineer is responsible for ensuring ICS 500-27 audit compliance, maintaining the integrity and security of the Splunk system, and collaborating closely with analysts and architects to implement data solutions that provide real-time visibility into critical systems and processes.

This is a full-time onsite position in Ft. Belvoir, VA.

Essential Duties & Responsibilities

• Splunk Implementation and Maintenance:
  • Set up and configure Splunk instances, including forwarders, indexers, and search heads.
  • Onboard new data sources into Splunk while ensuring proper parsing, field extraction, and indexing.
  • Manage Splunk licenses, user access controls, and configurations to maintain stability and security. 
•  Data Analysis and Visualization:
  • Build and optimize dashboards, alerts, and reports for security monitoring, IT operations, and business use cases.
  • Develop and enhance Splunk Search Processing Language (SPL) queries to facilitate advanced analytics.
  • Collaborate with teams to ensure that data sources meet the requirements for analysis and visualization.
• Troubleshooting and Performance Tuning:
  • Monitor the health of the Splunk system, identify issues, and implement solutions to maintain high availability and performance.
  • Optimize queries, alerts, and settings to lower resource use and improve efficiency.
  • Resolve data ingestion and indexing issues.
• Service Level Agreement (SLA) Management and Monitoring: •
  • Maintain and monitor the Service Level Agreement (SLA) of the Splunk system, ensuring that the system meets the required uptime, performance, and data ingestion targets.
  • Monitor the ingest of data sources, particularly high-value or high-impact systems, and alert stakeholders when these systems stop sending events or experience disruptions.
  • Develop and implement monitoring dashboards and alerts to quickly identify and respond to SLA breaches or data ingest issues.
•  Disaster Recovery and High Availability:
  • Design and implement disaster recovery and high availability solutions for the Splunk system, ensuring minimal downtime and data loss in the event of a disaster or system failure.
  • Develop and maintain disaster recovery plans, including backup and restore procedures, to ensure business continuity.
  • Configure and manage Splunk clustering, replication, and indexing to ensure high availability and redundancy.
• Compliance and Security:
  • Maintain RMF (Risk Management Framework) ATO (Authority to Operate) compliance for the Splunk system, ensuring that all security controls and configurations are in place and up-to-date.
  • Ensure STIG (Security Technical Implementation Guide) compliance for the Splunk system, including configuration and vulnerability management.
  • Maintain accurate and up-to-date documentation, including:
  • Data flow diagrams to illustrate data ingestion and processing.
  • Architecture diagrams to depict the Splunk system architecture.
  • System inventories to track hardware and software components.
  • Collaborate with the security team to ensure that the Splunk system meets all relevant security requirements and standards.
•  SIEM Management:
  • Manage the onboarding process for new systems and log types, including:
  • Maintaining onboarding documents for each system/log type.
  • Developing and maintaining a detailed list of event codes per operating system and application type.
  • Ensure that all data sources are properly configured and sending events to the Splunk system.
  • Collaborate with analysts and architects to develop and implement use cases for security monitoring and incident response.
•  Collaboration and Support:
  • Collaborate with architects and analysts to create and implement solutions that align with the organization’s objectives.
  • Provide technical support and assist end users with Splunk-related issues, ensuring timely resolution and minimal downtime.
•  Documentation and Continuous Improvement:
  • Document the configurations, workflows, and troubleshooting procedures to enhance team knowledge sharing.
  • Research and suggest enhancements to Splunk infrastructure and analytics capabilities.

Required Skills, Experience & Education

• Active Top Secret (TS) security clearance with eligibility for SCI and NATO read-on before starting work.
• Certifications:
  • Splunk Enterprise Certified Architect
  • CISSP-ISSAP, CISSP-ISSEP, CySA+, GCIA, GCLD, GICSP, or GSEC
• Education
  • Bachelor’s degree in computer science, Information Technology, or a similar field OR Minimum of 5 years of experience working with Splunk, including installation, configuration, and management.
• Technical Skills
  • Proficiency in managing Splunk components including forwarders, indexers, and search heads.
  • Strong understanding of SPL and the capacity to create custom dashboards and reports.
  • Experience in data parsing, field extraction, and indexing.

Desired Skills/Experience

• Experience supporting Splunk Enterprise Security (ES) or IT Service Intelligence (ITSI).
• Familiarity with scripting languages (e.g., Python, Bash) for automation.
• Knowledge of security operations, including SIEM best practices.

Application Deadline: January 26, 2026

#CJPOST

#LI-onsite