Splunk Ingest Engineer

Splunk Ingest Engineer 

As a Splunk Ingest Engineer, you will be entrusted with the critical role of maintaining and expanding our Splunk infrastructure. Your day-to-day responsibilities will include health checks, maintenance, and deployment activities that are crucial for the seamless operation of our Splunk ecosystem.

The company is located in the D.C. Metro area. This position is a 12 month contract-to-hire and will remain 100% remote.

What You Will Be Doing:

• Perform daily health checks to ensure optimal performance and security of the deployed Splunk infrastructure.
• Carry out routine maintenance activities, including:
  • Applying OS patches and upgrades to ensure system integrity.
  • Upgrading Splunk Enterprise and associated apps, including Splunk Enterprise Security (ES)
  • Managing SSL certificates for secure communications
  • Conducting regular backups and restoration operations when necessary
• Deploy new Splunk infrastructure and AWS services, involving:
  • Scaling Splunk Indexer Cluster and Search Head Cluster
  • Server resizing to meet operational demands.
  • Configuration of AWS resources such as S3 buckets, Load Balancers, Security Groups, and IAM Roles and Policies
• Implement new Splunk configurations, including:
  • Custom app development tailored to business requirements.
  • Creation and management of indexes utilizing Smart Store technology.
• Oversee the deployment and maintenance of log ingest mechanisms:
  • Manage Universal Forwarders and Deployment Server operations.
  • Configure props/transforms for data parsing and enrichment.
  • Integrate HTTP Event Collector (HEC) for data ingestion.
  • Monitor files, databases, and other data sources using tools like DB Connect and syslog/SC4S.
  • Ensure log ingest processes are compliant with the Common Information Model (CIM) and facilitate Data Model Acceleration.

Required Skills & Experience:

• Bachelor's degree in Computer Science, Information Security, or related field or equivalent professional experience
• Effective communication and collaboration skills
• Problem-solving skills and the ability to think strategically about security.
• Continuous learning mindset to stay updated with the rapidly evolving cyber threat landscape.
• Minimum 3 years of hands-on experience in Splunk Administration
• The below ideal core competencies and experience should align candidates for success in the NS2 Environments:
  • Windows and Linux operating system administration
  • Hardware, software, and network-level troubleshooting
  • Automation via infrastructure as Code (IaC), e.g., Terraform, Ansible, etc.
  • Programming/scripting experience e.g.: Python, PowerShell, Bash, Golang, C, JS, SQL, etc.
  • Log management and parsing strategies
  • CI/CD pipeline experience e.g.: Jenkins, Concourse, GitHub Actions, etc.
  • Cloud Platforms, e.g., AWS, Azure, GCP
  • Familiarity with security compliance frameworks and regulations such as NIST 800-171 or 800-53

Desired Skills & Experience:

• Splunk Architect certification
• Splunk Administrator certification
• Red Hat Enterprise Linux certifications, such as RHCSE or RHCSA
• Cloud provider (AWS, Azure, GCP) certifications
• Prior DoD or FedRAMP experience

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.

You will receive the following benefits:

• Medical Insurance - Four medical plans to choose from for you and your family
• Dental & Orthodontia Benefits
• Vision Benefits
• Health Savings Account (HSA)
• Health and Dependent Care Flexible Spending Accounts
• Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance
• Hospital Indemnity Insurance
• 401(k) including match with pre and post-tax options
• Paid Sick Time Leave
• Legal and Identity Protection Plans
• Pre-tax Commuter Benefit
• 529 College Saver Plan

Motion Recruitment Partners is an Equal Opportunity Employer, including Veterans/Disability/Women. All applicants must be currently authorized to work on a full-time basis in the country for which they are applying, and no sponsorship is currently available. Accommodation will be provided in all parts of the hiring process as required under Motion Recruitment Employment Accommodation policy. Applicants need to make their needs known in advance.