Senior Splunk Engineer/Log Management (Remote)

GDIT is seeking a remote Senior Splunk Engineer/Log Manager with proven experience in the areas of application, database, and end-point event and log centralization/management. The desired resource will support a federal customer with the design and implementation of their M-21-31 compliant event logging implementation.

Duties and responsibilities include:

• Design and implement comprehensive logging solutions, in alignment with M-21-31 and EO 14028 requirements leveraging Splunk Enterprise and other enterprise event driven tool suites.

• Work closely with government stakeholders to understand security requirements, interpret directives, and support the technical application to the operating environment

• Implement log standards and data integrity processes to ensure events are logged in alignment with federal requirements

• Verify logging compliance, ensuring application and system logs are generated and captured with the centralized logging solution

• Candidate will be “hands-on” with the solution deployment and implementation of the following Splunk elements:

  • Log data ingestion from applications, databases, infrastructure endpoints, and monitoring tools

  • Development of Saved and Scheduled Searches

  • Report and Dashboard/Data Visualization development

  • Establish Logging Event Alerting and assist with event correlation duties

  • Establish interfaces and data sharing with other Splunk instances to integrate data feeds

• Provide strategic and technical recommendations to sponsor, occasionally writing short whitepapers and/or building executive briefs

• Collaborate with stakeholders to identify, implement, and prioritize new potential risk indicators into Splunk UBA.

• Develop and publish the following solution documentation:

  • Document modifications to the current Splunk configuration baseline to include architecture diagrams

  • Publish Splunk Job-Aids/User Documentation and Splunk Training Materials

• Develop and deliver training to the stakeholder community, providing operational guidance to include the following elements:

  • Deployed searches

  • Reports and dashboards

  • Alerts

  • Event Correlation

Required Qualifications:

• A bachelor's degree in computer science, Cybersecurity, Software Engineering, Computer Science or a closely related technical field and at least 7 years of experience in developing and implementing Splunk Enterprise logging solutions.

• At least 10 years of extensive, directly relevant experience in Cybersecurity with a focus on Splunk may be considered in lieu of a degree.

• Splunk Certifications: Splunk Enterprise Security Certified Admin, Splunk Enterprise Certified Architect

• Advanced SPL search construction and optimization with a focus on security and detection engineering

• Thorough understanding of Splunk User Behavior Analytics to support the development of a UBA strategy and technical implementation.

• In-depth understanding of White House Memorandum on Federal System Logging Requirements (M-21 -31), data integrity principles, log analysis, logging best practices, and rigorous auditing standards as they relate to government record-keeping requirements.

• Strong understanding of web application, database, networking, and compute infrastructure log data formats, event correlation, and data retention policies.

• In-depth knowledge of cybersecurity frameworks (NIST, ISO, etc.), risk assessment methodologies, and federal compliance standards.

• Ability to translate technical security requirements into actionable plans for development teams and clearly articulate risks to non-technical stakeholders.

• Proven track record in designing and implementing robust Splunk-based log aggregation solutions in alignment with federal government-mandated compliance framework requirements.

• Exceptional written and verbal communication to support the development and delivery of solution training.

Desired Qualifications:

• Certification: Splunk Enterprise Certified Admin

• Certification: Splunk O11y Cloud Certified Metrics User

• Certification: Certified Information Systems Security Professional (CISSP)

• Expertise in federal records management principles and auditing best practices.

• Proficiency in developing technical standards and documentation.

• Experience in working with managing large-scale databases.

NEEDED:
●US Citizenship Required

GDIT IS YOUR PLACE:
● 401K with company match
● Comprehensive health and wellness packages
● Internal mobility team dedicated to helping you own your career
● Professional growth opportunities including paid education and certifications
● Cutting-edge technology you can learn from
● Rest and recharge with paid vacation and holidays