Splunk Engineer - TS/SCI (Washington, DC)

Location: Washington, DC

Department: Federal

Splunk Engineer - TS/SCI Clearance with the willingness to take and pass a polygraph exam is required for consideration for hire for this role. 

Locations available: 100% onsite JBAB (Bolling AFB), DC; Maryland Square, MD; Reston, VA; Quantico, VA; Colorado Springs, CO; Waikiki, HI. 

What You’ll Get To Do:
You will work with an expert team focused on implementing and operating next-generation security solutions for government and commercial clients. You’ll use Splunk and integrate it with other state-of-the-art tools like HBSS, Enterprise Security Manager (ESM), Network Security Manager (NSM), NetFlow, and/or Intrusion Detection Systems (IDS) to monitor, detect, and analyze threats. You'll perform hands-on evaluation, implementation, and operation of leading security Cyber defense tools and technologies and apply in-depth defense strategies for large and complex networks to rapidly identify vulnerabilities and threats, prioritizing response actions, including developing effective countermeasures. You’ll support the risk management and security compliance of specified cyber security tools. You'll apply thought leadership to solving complex security challenges in a highly collaborative and innovative work
environment.

You’ll Bring These Qualifications:

• 3+ years of experience utilizing Splunk Enterprise
• Experience with deploying, configuring, and performing functional testing and data validation in a Splunk environment
• Experience with Splunk performing systems administration, including performing installation, configuration, monitoring
  system performance and availability, upgrades, and troubleshooting in Windows and Linux Server environments
• Experience creating custom dashboards, writing queries and generating reports, and setting up alerts and notifications
• Familiarity with DoD Risk Management Framework
• Top Secret/SCI clearance with the ability to obtain a Counter-Intelligence polygraph
• Active DoD 8570 IAT Level III certification (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP)
• Active DoD 8570 Cybersecurity Service Provider (CSSP) - Infrastructure Support (IS) certification (CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND)
• HS diploma or GED and 7+ years of experience with supporting IT projects and activities, Associate’s degree and 5+ years of experience with supporting IT projects and activities, or Bachelor’s degree and 3+ years of experience with supporting IT projects and activities
• DoD 8570 IAT Level II Certification, including CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP
• Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification prior to start date 

Nice If You Have:

• Ability to ingest and parse logs within Splunk
• Experience with fields abstraction
• Experience with data modeling using Splunk
• Experience with workflows and drilldown query
• Experience administering Splunk in distributed deployments
• Experience with performing site surveys, data gathering, and research and analysis regarding deploying and implementing security tools
• Splunk Certified Power User or other advanced Splunk Certification
• Experience with DevSecOps and Elasticsearch, Logstash & Kibana (ELK)
• Possession of excellent oral and written communication skills, including using presentation expertise to convey complex
• Ideas to client and internal staff
• Possession of excellent problem-solving skills