Splunk Engineer - Top Secret w/ Full Scope Poly Required

The candidate will be part of a team of Splunk Engineers maintaining various client's Splunk instances with a heavy emphasis on data on-boarding, content development, reporting, and visualizations. All candidates must possess prior Splunk engineering and administration experience, meet the necessary certification prerequisites, and work well in a team environment. Candidates with backgrounds supporting federal customers is a plus.

As a TZT consultant, the candidate will receive access to the full knowledge base which is driven by the True Zero community as well as the technical backing of the entire PS team. True Zero encourages collaboration and growth through information sharing and knowledge workshops. The candidate will also have access to our internal Slack channel to stay connected with the team as well as the necessary tools to train, demo, test and grow their professional skills.

Qualification Requirements

• For this position only candidates with Top Secret Clearance w/ Full Scope Poly will be condsidered
• Splunk Core Certified Consultant or Architect Certification preferred but. not required
• Highly qualified candidates will be trained to be Splunk Certified
• Strong experience/certifications in ITSI and/or Splunk Enterprise Security
• Experience designing and implementing ground up distributed Splunk installations including all Splunk server roles (Search Head, Indexers, Heavy Forwarders and Universal Forwarders, etc.)
• Experience with advanced configuration of Splunk including Indexer Clustering and Search Head Clustering.
• Experience maintaining and administering enterprise Splunk implementations.
• Experience developing custom Splunk content including scheduled searches, reports, dashboards, etc.
• Proficient at data on-boarding activities including custom parsing rules, custom Technology Add-On building according to Splunk's Common Information Model (CIM).
• Experience configuring indexes, index routing, retention policies, etc.
• Experience working in linux and windows environments, ability to configure:
• Storage subsystems (I.e. partitioning, Volume Groups, Logical Volumes, etc.)
• SELinux
• Familiarity with different flavors of Linux distros (RedHat, CentOS, Ubuntu, etc.)
• File Permission Settings (linux/windows)
• Excellent written and oral skills, ability to work closely with multiple customers, manage expectations, and track engagement scope.

Preferred Qualifications

• Top Secret Clearance w/ Full Scope Poly
• Splunk Core Consultant Certification
• Splunk Enterprise Security Implementation Certification
• Splunk IT Service Intelligence certification
• Understanding of Syslog daemon configuration principles, ideally in Syslog-NG and RSyslog configurations.
• Cloud experience (AWS, Azure, etc.)
• Development and API experience (Python, Perl, XML)
• SaltStack, Ansible, and other enterprise automation tool experience.
• Hardware experience and storage experience (SAN, NAS, etc.)

U.S. Citizenship is required as this is in support of a Federal Customer.