Splunk Security Engineer - Gilder Search Group : Job Details

Input Technology Solutions is seeking an experienced Splunk Security Engineer with expertise in Cribl to join our Splunk Engineering team in Stennis, MS! The ideal candidate will assist with the designing, implementing, and maintaining of DHS' Splunk environment while leveraging Cribl for data processing and routing.

What You'll Get to Do:

The Splunk Security Engineer should feel comfortable optimizing and refining the current Splunk implementation while collaborating with cross-functional teams to enhance DHS' overall security posture.

The Splunk Security Engineer will:

• Design, implement, and maintain the Splunk infrastructure and solutions
• Configure and optimize Cribl Stream for data collection, processing, and routing
• Develop and maintain Splunk dashboards, alerts, and reports
• Assist with troubleshooting issues related to Splunk and Cribl implementations
• Perform capacity planning and performance tuning for Splunk and Cribl environments
• Collaborate with cross-functional engineering and ISSO teams to gather requirements and deliver solutions
• Document and map the architecture of the current Splunk implementation
• Support the development of a Security Engineering Tool roadmap
• Stay current with emerging security technologies and industry trends to recommend improvements or additions.

You'll Bring These Qualifications:

• Ability to attain DHS EOD with Top Secret clearance
• ITIL V4 Foundations certification (or obtain in first 6 months)
• BA/BS or equivalent +10 years of experience
• Significant experience in cybersecurity, with strong hands-on experience in access management and network security
• 5+ years of experience as a Splunk Engineer
• 2+ years of experience with Cribl Stream
• Strong knowledge of search processing language (SPL)
• Proficient in scripting languages (Python, Bash PowerShell) for automation and integration
• Experience with Linux/Unix system administration
• Experience working with and guiding technicians with varying skill levels and supporting end users remotely
• Experience with security tools and technologies, like SIEM, IDS/IPS, and firewalls
• Strong analytical and problem-solving skills, particularly in optimizing security workflows
• Professional, customer-oriented, and even-keeled under pressure
• Effective communicator at all levels, both written and verbal

These Qualifications Would be Nice to Have:

• Splunk Certified Admin or Architect certification
• Splunk Enterprise Security certification
• Significant experience with Cribl LogStream and Cribl Edge
• Knowledge of CI/CD pipelines and DevOps practices
• Familiarity with other observability tools (Elasticsearch, Prometheus)
• Knowledge of containerization technologies (Docker, Kubernetes)
• Experience with large-scale, distributed systems