Splunk Security Engineer (4672) (TS/SCI) (Ft. Belvoir, VA) jobs in United States

SMX · 6 hours ago

Splunk Security Engineer (4672) (TS/SCI) (Ft. Belvoir, VA)

SMX is seeking a Splunk Engineer responsible for implementing, configuring, and managing Splunk environments to support the organization’s data analytics, security, and operational goals. This role focuses on onboarding new data sources, optimizing search queries, building dashboards and reports, and maintaining the stability of the Splunk infrastructure.

Categories: Analytics, Cloud Computing, Cloud Data Services, Cloud Security, Cyber Security, Information Technology, IT Management, Software
Notes: No H1B sponsorship; Security Clearance Required; U.S. Citizens Only

Responsibilities

Set up and configure Splunk instances, including forwarders, indexers, and search heads
Onboard new data sources into Splunk while ensuring proper parsing, field extraction, and indexing
Manage Splunk licenses, user access controls, and configurations to maintain stability and security
Build and optimize dashboards, alerts, and reports for security monitoring, IT operations, and business use cases
Develop and enhance Splunk Search Processing Language (SPL) queries to facilitate advanced analytics
Collaborate with teams to ensure that data sources meet the requirements for analysis and visualization
Monitor the health of the Splunk system, identify issues, and implement solutions to maintain high availability and performance
Optimize queries, alerts, and settings to lower resource use and improve efficiency
Resolve data ingestion and indexing issues
Maintain and monitor the Service Level Agreement (SLA) of the Splunk system, ensuring that the system meets the required uptime, performance, and data ingestion targets
Monitor the ingest of data sources, particularly high-value or high-impact systems, and alert stakeholders when these systems stop sending events or experience disruptions
Develop and implement monitoring dashboards and alerts to quickly identify and respond to SLA breaches or data ingest issues
Design and implement disaster recovery and high availability solutions for the Splunk system, ensuring minimal downtime and data loss in the event of a disaster or system failure
Develop and maintain disaster recovery plans, including backup and restore procedures, to ensure business continuity
Configure and manage Splunk clustering, replication, and indexing to ensure high availability and redundancy
Maintain RMF (Risk Management Framework) ATO (Authority to Operate) compliance for the Splunk system, ensuring that all security controls and configurations are in place and up-to-date
Ensure STIG (Security Technical Implementation Guide) compliance for the Splunk system, including configuration and vulnerability management
Maintain accurate and up-to-date documentation, including:
Data flow diagrams to illustrate data ingestion and processing
Architecture diagrams to depict the Splunk system architecture
System inventories to track hardware and software components
Collaborate with the security team to ensure that the Splunk system meets all relevant security requirements and standards
Manage the onboarding process for new systems and log types, including:
Maintaining onboarding documents for each system/log type
Developing and maintaining a detailed list of event codes per operating system and application type
Ensure that all data sources are properly configured and sending events to the Splunk system
Collaborate with analysts and architects to develop and implement use cases for security monitoring and incident response
Collaborate with architects and analysts to create and implement solutions that align with the organization’s objectives
Provide technical support and assist end users with Splunk-related issues, ensuring timely resolution and minimal downtime
Document the configurations, workflows, and troubleshooting procedures to enhance team knowledge sharing
Research and suggest enhancements to Splunk infrastructure and analytics capabilities

Qualifications

Skills: Splunk implementation, SPL proficiency, Data parsing, Disaster recovery, Compliance management, SIEM management, Scripting languages, Technical support, Collaboration, Documentation

Required

Active Top Secret (TS) security clearance with eligibility for SCI and NATO read-on before starting work
Certifications: Splunk Enterprise Certified Architect, CISSP-ISSAP, CISSP-ISSEP, CySA+, GCIA, GCLD, GICSP, or GSEC
Bachelor's degree in Computer Science, Information Technology, or a similar field, or a minimum of 5 years of experience working with Splunk, including installation, configuration, and management
Proficiency in managing Splunk components including forwarders, indexers, and search heads
Strong understanding of SPL and the capacity to create custom dashboards and reports
Experience in data parsing, field extraction, and indexing

Preferred

Experience supporting Splunk Enterprise Security (ES) or IT Service Intelligence (ITSI)
Familiarity with scripting languages (e.g., Python, Bash) for automation
Knowledge of security operations, including SIEM best practices

Benefits

Health insurance
Paid leave
Retirement

Company

SMX

SMX is a provider of information technology (IT) services and advanced engineering with a focus on cloud solutions.

Funding

Current Stage
Late Stage

Leadership Team

Peter LaMontagne
Chief Executive Officer