Splunk Engineer

Splunk Engineer Job Locations: US-VA-Herndon | US-DC-Washington | US-MD-Riverdale Clearance Required: Top Secret/SCI w/Poly Responsibilities The Mid-Level Splunk Engineer supports enterprise-wide monitoring, alerting, and analytics across the customer's operational and security environments. This position develops and maintains custom Splunk dashboards, visualizations, and alerts that provide actionable insights for NOC and SOC personnel. The engineer ensures data integrity, visibility, and system performance across mission-critical networks and applications supporting government operations. This role bridges IT operations and cybersecurity by delivering analytics solutions that enhance situational awareness, reduce incident response time, and support compliance with NIST 800-171, and DoD 8570 requirements. Design, develop, and maintain custom Splunk dashboards, alerts, and reports to support both NOC and SOC operations. Onboard new data sources including network appliances, servers, security tools, and applications using forwarders, APIs, and syslog integrations. Implement data normalization using the Splunk Common Information Model (CIM) to support consistent reporting and event correlation. Develop and optimize SPL queries, regex extractions, and macros for high-performing searches and visualizations. Configure and tune threshold-based and adaptive alerts for system performance, security, and application availability. Collaborate with NOC and SOC analysts to define KPIs and ensure accurate visibility into network health and security posture. Support incident detection, triage, and root cause analysis using Splunk dashboards and search tools. Monitor and maintain the health and performance of Splunk Enterprise / Splunk Cloud environments. Integrate Splunk with automation/orchestration tools (e.g., Ansible, ServiceNow, SOAR platforms) for improved workflow efficiency. Document data source onboarding, dashboard configuration, and analytic processes in accordance with program SOPs. Qualifications Required Qualifications: TS/SCI with polygraph clearance adjudication or ability to obtain SCI and pass a poly. Bachelor's degree in an area applicable to the position with 5+ years relevant experience. Will consider additional 4 years of experience in lieu of degree. Active CompTIA Security+, CySA+, CASP+, CISSP, or equivalent DoD 8570 IAT Level II. 3-5 years of hands-on experience administering, configuring, and developing within Splunk Enterprise or Splunk Cloud environments. Demonstrated experience designing and maintaining custom dashboards, reports, and alerting frameworks. Strong proficiency in Splunk Search Processing Language (SPL), field extractions, and data model creation. Familiarity with Linux and Windows server environments, network protocols (TCP/IP, SNMP, syslog), and application log ingestion. Understanding of NOC/SOC workflows, event correlation, and log management best practices. Experience troubleshooting data ingestion, indexing, and search performance issues. Excellent communication, documentation, and collaboration skills. Desired Qualifications: Current Splunk Core Certified Power User, Admin, or Architect certification. Experience supporting federal or DoD environments and familiarity with RMF (Risk Management Framework). Experience with Python scripting, REST APIs, or JSON/XML parsing for custom integrations. Working knowledge of NIST 800-53/171, and log retention / audit evidence requirements. Experience with automation, orchestration, or SIEM/SOAR integration. Benefits: Peraton offers enhanced benefits to employees working on this critical National Security program, which include heavily subsidized employee benefits coverage for you and your dependents, 25 days of PTO accrued annually up to a generous PTO cap, and eligibility to participate in an attractive bonus plan. EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law. #J-18808-Ljbffr