Apply on Employer Site

Waterleaf International · 6 days ago

Splunk Engineer

United States

Full-time

Remote

Mid, Senior Level

4+ years exp

Waterleaf International LLC is an engineering, cybersecurity, and science-based defense and networking contractor seeking a talented Splunk Engineer to join their team. The role involves maintaining Splunk infrastructure, gathering requirements from customers, and onboarding data.

Cyber SecurityData CenterPredictive Analytics

Responsibilities

Manage multiple assignments, changing priorities, and work independently with little oversight

Build, implement, and administer Splunk in Linux environments

Work with Cribl for Data management and pipelines

Work with existing and custom Splunk applications and add-ons to fulfill customer needs

Provide operations and maintenance support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles

Editing and maintaining Splunk configuration files and apps

Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources

Provider operational support for Splunk Universal Forwarder on Linux and Windows endpoints

Manage, and support automation solutions for Splunk deployment and orchestration in on-premise

Qualification

SplunkLinuxData onboardingSplunk certificationsAnsibleTerraformNetworkingAnalytical skillsScriptingRegular expressionsCommunication skillsCritical thinkingCollaboration

Required

Bachelor's degree in Computer Science, Engineering, or a related field and a minimum of four (4) years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in Cybersecurity

Two (2) years of experience with Splunk in distributed deployments

At least two Splunk certifications

Excellent written and oral skills, ability to work closely with multiple customers, manage expectations and track engagement scope

Experience with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms

Proficient at data on-boarding activities including routing, parsing, and normalizing events to the Splunk Common Information Model (CIM)

Proficiency onboarding data using Splunk developed add-ons for Windows, Linux, and common third-party devices and applications

Experience onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources

Proficiency managing Splunk using the Splunk command-line interface

Proficiency managing Splunk using configuration files

Experience collaborating with separate engineering teams to configure data sources for Splunk integration

Proficiency implementing and onboarding data in Splunk

Experience with Splunk performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting

General networking and security troubleshooting (firewalls, routing, NAT, etc.)

Splunk implementation and troubleshooting experience

Experience in managing, maintaining, and administering multi-site indexer cluster

Proficiency developing log ingestion and aggregation strategies per Splunk best practices

Perform integration activities to configure, connect, and pull data with 3rd party software APIs

Proficient in regular expressions

Ability to autonomously prioritize and successfully deliver across a portfolio of projects

Ability to Script and use Ansible and/or Teraform