Avint LLC is seeking a highly skilled Splunk Platform Engineer to support the Continuous Diagnostics and Mitigation (CDM) program at the Cybersecurity and Infrastructure Security Agency (CISA). The Splunk Platform Engineer will lead the design, implementation, configuration, and optimization of Splunk solutions to enhance the cybersecurity posture of government networks. This role requires a deep understanding of Splunk, cybersecurity principles, and the ability to collaborate effectively with cross-functional teams to ensure the success of the CDM program.
Responsibilities:
- Review the as-built architecture of Splunk solutions to support the CDM program's cybersecurity objectives at multiple Agencies
- Implement engineering solutions to Splunk deployments to ensure efficient data migration to the new data repository
- Collaborate with stakeholders to gather requirements and translate them into technical solutions leveraging Splunk's capabilities
- Ensure data stored in Splunk indices can be read by external data movement tools such as Cribl
- Manage API keys for external tools to programmatically query Splunk data
- Perform data onboarding, normalization, and enrichment to ensure high-quality and actionable data for security monitoring and analysis
- Stay up-to-date with the latest Splunk versions, features, and best practices to continuously enhance the effectiveness of the CDM program
- Perform troubleshooting, root cause analysis, and resolution of complex technical issues related to Splunk deployments during migration
- Conduct system performance monitoring and capacity planning to maintain the optimal operation of the to-be infrastructure
Requirements
- Must be a US citizen and pass a background investigation
- Able to obtain and maintain a DHS Suitability/Entry on Duty (EOD)
- Associate degree in Computer Science, Information Technology, or a related field. Relevant industry certifications are a plus
- 3 years' experience as a Splunk Engineer or in a similar role, preferably in cybersecurity or CDM deployments
- Intermediate level knowledge of Splunk Enterprise and Splunk Enterprise Security, including architecture, installation, configuration, and administration
- Basic understanding of cybersecurity principles, threat intelligence, and incident response
- Basic knowledge of REST APIs including their methods and authentication techniques
- Proficient in developing custom Splunk dashboards and reports using Splunk's Search Processing Language (SPL)
- Hands-on experience integrating Splunk with various data sources, security tools, and SIEM platforms
- Ability to create complex search queries, correlation rules, and alerts to support security monitoring and analysis
- Excellent problem-solving and troubleshooting skills, with the ability to analyze and resolve complex technical issues
- Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and stakeholders
- Self-motivated and able to work independently as well as part of a team in a fast-paced environment
- JIRA experience
- Confluence
Benefits
Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits, from competitive salaries and full health benefits to a new Open Time Off Policy and Federal Holidays. Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development!
Avint is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity and Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.