Splunk Engineer (Intermediate) jobs in United States
The Amatriot Group · 18 hours ago

Splunk Engineer (Intermediate)

The Amatriot Group is seeking a Splunk Engineer to support enterprise-wide monitoring, alerting, and analytics across operational and security environments. This role involves developing and maintaining custom Splunk dashboards and ensuring data integrity and system performance for government operations.

Responsibilities

Design, develop, and maintain custom Splunk dashboards, alerts, and reports to support both NOC and SOC operations
Onboard new data sources including network appliances, servers, security tools, and applications using forwarders, APIs, and syslog integrations
Implement data normalization using the Splunk Common Information Model (CIM) to support consistent reporting and event correlation
Develop and optimize SPL queries, regex extractions, and macros for high-performing searches and visualizations
Configure and tune threshold-based and adaptive alerts for system performance, security, and application availability
Collaborate with NOC and SOC analysts to define KPIs and ensure accurate visibility into network health and security posture
Support incident detection, triage, and root cause analysis using Splunk dashboards and search tools
Monitor and maintain the health and performance of Splunk Enterprise / Splunk Cloud environments
Integrate Splunk with automation/orchestration tools (e.g., Ansible, ServiceNow, SOAR platforms) for improved workflow efficiency
Document data source onboarding, dashboard configuration, and analytic processes in accordance with program SOPs

Qualification

Splunk Enterprise/Cloud
Splunk Search Processing Language (SPL)
Data normalization
Linux server environments
Windows server environments
Python scripting
REST APIs
Automation/orchestration tools
Communication
Problem-solving skills
Detail-oriented
Self-motivated
Team collaboration

Required

Active TS/SCI Clearance and a willingness/ability to get a CI Polygraph
Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field; equivalent work experience may be substituted
3–5 years of hands-on experience administering, configuring, and developing within Splunk Enterprise or Splunk Cloud environments
Demonstrated experience designing and maintaining custom dashboards, reports, and alerting frameworks
Strong proficiency in Splunk Search Processing Language (SPL), field extractions, and data model creation
Familiarity with Linux and Windows server environments, network protocols (TCP/IP, SNMP, syslog), and application log ingestion
Understanding of NOC/SOC workflows, event correlation, and log management best practices
Experience troubleshooting data ingestion, indexing, and search performance issues
Excellent communication, documentation, and collaboration skills
Active CompTIA Security+, CySA+, CASP+, CISSP, or equivalent DoD 8570 IAT Level II

Preferred

Current Splunk Core Certified Power User, Admin, or Architect certification
Experience supporting federal or DoD environments and familiarity with RMF (Risk Management Framework)
Experience with Python scripting, REST APIs, or JSON/XML parsing for custom integrations
Working knowledge of NIST 800-53/171, and log retention / audit evidence requirements
Experience with automation, orchestration, or SIEM/SOAR integration

Company

The Amatriot Group

The Amatriot Group (formerly Government Tactical Solutions) is a talent solutions firm built on almost 15 years of experience delivering mission-critical support to the intelligence, defense, and national security sectors of the federal government.

Funding

Current Stage
Growth Stage
Company data provided by crunchbase