Splunk Ingest Engineer
Motion Recruitment
- Arlington, VA
- Contract
- Full-time
- Perform daily health checks to ensure optimal performance and security of the deployed Splunk infrastructure.
- Carry out routine maintenance activities, including:
  - Applying OS patches and upgrades to ensure system integrity
  - Upgrading Splunk Enterprise and associated apps, including Splunk Enterprise Security (ES)
  - Managing SSL certificates for secure communications
  - Conducting regular backups and restoration operations when necessary
- Deploy new Splunk infrastructure and AWS services, involving:
  - Scaling the Splunk Indexer Cluster and Search Head Cluster
  - Resizing servers to meet operational demands
  - Configuring AWS resources such as S3 buckets, Load Balancers, Security Groups, and IAM Roles and Policies
- Implement new Splunk configurations, including:
  - Custom app development tailored to business requirements
  - Creation and management of indexes utilizing SmartStore technology
- Oversee the deployment and maintenance of log ingest mechanisms:
  - Manage Universal Forwarders and Deployment Server operations
  - Configure props/transforms for data parsing and enrichment
  - Integrate the HTTP Event Collector (HEC) for data ingestion
  - Monitor files, databases, and other data sources using tools like DB Connect and syslog/SC4S
- Ensure log ingest processes are compliant with the Common Information Model (CIM) and facilitate Data Model Acceleration.
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience
- Effective communication and collaboration skills
- Problem-solving skills and the ability to think strategically about security.
- Continuous learning mindset to stay updated with the rapidly evolving cyber threat landscape.
- Minimum 3 years of hands-on experience in Splunk Administration
- The following ideal core competencies and experience should position candidates for success in the NS2 environments:
  - Windows and Linux operating system administration
  - Hardware, software, and network-level troubleshooting
  - Automation via Infrastructure as Code (IaC), e.g., Terraform, Ansible, etc.
  - Programming/scripting experience, e.g., Python, PowerShell, Bash, Golang, C, JS, SQL, etc.
  - Log management and parsing strategies
  - CI/CD pipeline experience, e.g., Jenkins, Concourse, GitHub Actions, etc.
  - Cloud platforms, e.g., AWS, Azure, GCP
  - Familiarity with security compliance frameworks and regulations such as NIST 800-171 or 800-53
- Splunk Architect certification
- Splunk Administrator certification
- Red Hat Enterprise Linux certifications, such as RHCE or RHCSA
- Cloud provider (AWS, Azure, GCP) certifications
- Prior DoD or FedRAMP experience
This position doesn’t provide sponsorship.