Splunk Engineer

Description The Splunk Engineer 1 is equivalent to an experienced engineer at the Department of Homeland Security (DHS). DHS Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible to prevent, identify, contain, and eradicate cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including LAN/WAN, commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP Enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations. Leidos currently has a need for a Splunk Engineer 1 for this highly visible cyber security program supporting Customs and Border Protection (CBP) security operations center (SOC). The Splunk Engineer 1 will support the full system engineering life cycle, including requirements analysis, design, development, implementation, integration, test, and documentation. The Splunk Engineer 1 will follow defined best practices and operational workflows. Primary Responsibilities The Splunk Engineer 1 will provide overall engineering and administration in supporting a very large distributed clustered Splunk environment consisting of search heads, indexers, deployers, deployment servers, heavy/universal forwarders, and Splunk Enterprise Security premium apps, spanning security, performance, and operational roles. The Engineer should be proficient with recognizing and onboarding new data sources into Splunk, building dashboards, searches, reports, etc. The Splunk Engineer 1 should be proficient within a Linux environment, editing and maintaining Splunk configuration files and apps. The Engineer should be familiar with and able to learn how to utilize and administer Cribl on the job. In addition, the Splunk Engineer 1 should be familiar with ansible or other automation tools. The Splunk Engineer 1 will be a member of the Enterprise Splunk team, which falls under Cybersecurity Engineering, and will be required to interact with end users to gather requirements, perform troubleshooting, and provide assistance with the creation of Splunk search queries and dashboards. The Splunk Engineer 1 may be required to interact with senior management, as necessary. Basic Qualifications A minimum of a Bachelor’s degree with 4 years’ experience in the Information Technology arena. OR A Bachelor's and 8 years of experience (Depending on level) Additional Cyber Security Certifications and experience may be considered in lieu of Bachelor’s degree. A combination of 3+ Years experience in Linux, Splunk, Ansible, app interface development, using REST APIs, or other Cyber technologies. Ability to follow Change & Configuration Management, utilizing automation tools, such as Git. 3+ years of experience in a Splunk role working in a Splunk clustered environment, with experience in Splunk premium app management (Enterprise Security). Strong problem-solving abilities with an analytic and qualitative eye for reasoning under pressure. Self-starter with the ability to independently prioritize and complete multiple tasks with little to no supervision. Knowledge of Cloud Services such as AWS, Office365. Understanding and usage of Regex. Experience with scripting languages, such as Python, Bash, JavaScript or PowerShell. Possess baseline security certification to meet DoD 8570 at IAT II requirements, such as Security+. Understanding basic networking principles or Enterprise network design. Must be able to report to the work site 5 days per week if needed. Must have a US Citizenship. Must be able to obtain the equivalent of a Public Trust clearance. Must have at least one of the following certifications CompTIA Security+ or equivalent

ISC2 CISSP

Splunk Enterprise Security Certified Admin Splunk IT Service Intelligence Certified Admin Splunk Cloud Certified Admin Splunk SOAR Certified Automation Developer Splunk Certified Developer Splunk Enterprise Certified Admin Splunk Enterprise Certified Architect Splunk Core Certified Consultant Must have a current or be able to favorably pass a 5-year (BI) Background Investigation to join this program. Preferred Qualifications Experience in automating Splunk Deployments and orchestration within a Cloud environment. Experience with FISMA Systems requirements. Experience with Confluence, JIRA, ServiceNow. Splunk Certified Developer certification. Cribl Admin certified or equivalent experience. Pay Range Pay Range $87,100.00 - $157,450.00 Pay and Benefits Pay and benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws. #J-18808-Ljbffr Leidos