151 - Splunk Master

Sharp Solutions, Inc. - Virginia

Senior Splunk Engineer

We are looking for a Splunk SME to join our team in L'Enfant Plaza in Washington, DC.

Primary Responsibilities

The candidate should be familiar with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a new shared DHS incident tracking system and other means of coordination and communication.

The selected candidate will provide overall engineering and design support for a very large distributed multi-site, multi-cluster Splunk deployment spanning security, operations, and compliance monitoring roles. The Splunk SME will support the full system engineering life-cycle, including requirements analysis, design, development, integration, test, documentation, and implementation following defined best practices and operational workflows. The Splunk SME will be familiar with building and deploying custom Splunk apps including managing custom field extractions, data models, summary indexes, and others.

The Splunk SME will work with other Cybersecurity Engineering team members and will be required to interact with end users to gather requirements, perform troubleshooting, and provide assistance with the creation of Splunk search queries and dashboards. The Splunk SME will be required to interact with senior management, as necessary.

Minimum Qualifications
4+ years of experience in a senior Splunk role
3+ Years experience in Linux and SQL/ODBC interfaces
2+ Years experience in app interface development, using REST API’s
Previous project management experience
ITIL Change & Configuration Management
version control systems (Git, Mercurial)
Splunk Architect or equivalent experience
RHCE or equivalent experience
The candidate should have experience and be comfortable with recognizing and onboarding new data types, and managing distributed data source inputs into Splunk, analyzing the data for anomalies and trends, and building dashboards, reports, and alerts both independently and built from customer requirements. The Splunk SME should have a strong foundation working in Red Hat Linux environments. The candidate must be comfortable editing and maintaining Splunk configuration files and apps managed in version control systems.

The Splunk SME must possess a thorough understanding of Splunk Deployment Methodology and best‑practices for planning, data collection, and sizing for a distributed deployment and is able to manage and troubleshoot distributed deployments with multiple, multi-site indexer clusters and search head clusters. The Splunk SME must be experienced in deploying, managing, and troubleshooting complex Splunk Enterprise environments. They must be familiar with managing various components of Splunk Enterprise on a daily basis, including license management, indexers and search heads, configuration, monitoring, and getting data into Splunk. The Splunk SME must be familiar with the Splunk common information model (CIM) and its applications within the Splunk Enterprise Security (ES) premium application. The Splunk SME must be familiar with managing custom Splunk ES content both from community provided sources and custom built content based on customer requirements.

Preferred Qualifications
Experiences in other systems and network management products
Splunk Certified Consultant

Education Requirements
Minimum of a Masters degree coupled with 15 years’ experience in the Information Technology arena.

Must Have One of the Following Certifications


The Ability to get a DHS EOD and to obtain a DOD Secret Clearance

SSi is an equal opportunity employer regardless of race, color, religion, creed, sex, marital status, national origin, disability, age, veteran status, on-the-job injury, sexual orientation, political affiliation or belief. Employment decisions are made without consideration of these or any other factors that employers are prohibited by law from considering. Any discriminatory action can be a cause for disciplinary action. SSi also prohibits discrimination against individuals with disabilities and will reasonably accommodate applicants with a disability, upon request, and will also ensure reasonable accommodation for employees with a disability. Veterans