This is a full-time hybrid remote position located in Washington, DC. 

2HB is seeking a talented Splunk Engineer to join our team. The Splunk Engineer will install and maintain Splunk infrastructure, gather requirements from customers, onboard data, and assist end users with search, dashboards, reports, and knowledge objects.

Primary Responsibilities

List daily duties and/or specific job responsibilities.

• Manage multiple assignments, changing priorities, and work independently with little oversight

• Build, implement, and administer Splunk in Windows and Linux environments

• Work with existing and custom Splunk applications and add-ons to fulfill customer needs

• Provide operations and maintenance support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles

• Editing and maintaining Splunk configuration files and apps

• Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources.

• Provider operational support for Splunk Universal Forwarder on Linux and Windows endpoints

• Manage, and support automation solutions for Splunk deployment and orchestration in on-premise and cloud environments

• Documentation, reporting, presentation, teamwork, and DHS wide collaboration are among the expected duties and mission of the task order

Basic Qualifications

List the “must have” MINIMUM requirements to be considered for the position and ensure minimum quals fall within the minimum Leidos job code requirements. Example: Bachelors’ Degree with 6 years’ of applicable experience or 4 additional years’ of experience in lieu of degree. Must be able to obtain and maintain a TS/SCI Clearance. Must have 2 years JAVA experience.

• Bachelor’s degree in Computer Science, Engineering, or a related field and a minimum of eight (8) years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in Cybersecurity

• Four (2) years of experience with Splunk in distributed deployments

• At least one of the following certifications: CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CCSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX

• Excellent written and oral skills, ability to work closely with multiple customers, manage expectations and track engagement scope

• Experience with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms

• Proficient at data on-boarding activities including routing, parsing, and normalizing events to the Splunk Common Information Model (CIM)

• Proficiency onboarding data using Splunk developed add-ons for Windows, Linux, and common third-party devices and applications

• Experience onboarding data into Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources

• Proficiency managing Splunk using the Splunk command-line interface

• Proficiency managing Splunk using configuration files

• Experience collaborating with separate engineering teams to configure data sources for Splunk integration

• Proficiency implementing and onboarding data in Splunk DB Connect

• Experience with Splunk performing systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting

• General networking and security troubleshooting (firewalls, routing, NAT, etc.)

• Splunk implementation and troubleshooting experience

• Experience in managing, maintaining, and administering multi-site indexer cluster

• Proficiency developing log ingestion and aggregation strategies per Splunk best practices

• Perform integration activities to configure, connect, and pull data with 3rd party software APIs

• Proficient in regular expressions

• Ability to autonomously prioritize and successfully deliver across a portfolio of projects

• DHS Entry on Duty (EOD) is required to support this program

Preferred Qualifications

List additional skills and experience that is “nice to have” but not required.

• Experience working in Azure

• Experience with GitLab or GitHub or other version control system

• Scripting and development skills (Bash, Python, and PowerShell)