Public Trust
Remote/Hybrid (Off-Site/Hybrid)
GDIT is seeking a remote Senior Splunk Engineer/Log Manager with proven experience in application, database, and endpoint event and log centralization and management. The selected candidate will support a federal customer with the design and implementation of an M-21-31 compliant event logging solution.
Duties and responsibilities include:
- Design and implement comprehensive logging solutions, in alignment with M-21-31 and EO 14028 requirements, leveraging Splunk Enterprise and other enterprise event-driven tool suites.
- Work closely with government stakeholders to understand security requirements, interpret directives, and support the technical application of those directives to the operating environment.
- Implement log standards and data integrity processes to ensure events are logged in alignment with federal requirements.
- Verify logging compliance, ensuring application and system logs are generated and captured by the centralized logging solution.
- Candidate will be "hands-on" with the solution deployment and implementation of the following Splunk elements:
  - Log data ingestion from applications, databases, infrastructure endpoints, and monitoring tools
  - Development of saved and scheduled searches
  - Report and dashboard/data visualization development
  - Establishing logging event alerting and assisting with event correlation duties
  - Establishing interfaces and data sharing with other Splunk instances to integrate data feeds
- Provide strategic and technical recommendations to the sponsor, occasionally writing short whitepapers and/or building executive briefs.
- Collaborate with stakeholders to identify, implement, and prioritize new potential risk indicators into Splunk UBA.
- Develop and publish the following solution documentation:
  - Documented modifications to the current Splunk configuration baseline, including architecture diagrams
  - Splunk job aids/user documentation and Splunk training materials
- Develop and deliver training to the stakeholder community, providing operational guidance on the following elements:
  - Deployed searches
  - Reports and dashboards
  - Alerts
  - Event correlation
Required Qualifications:
- A bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or a closely related technical field and at least 7 years of experience in developing and implementing Splunk Enterprise logging solutions.
- At least 10 years of extensive, directly relevant experience in Cybersecurity with a focus on Splunk may be considered in lieu of a degree.
- Splunk Certifications: Splunk Enterprise Security Certified Admin, Splunk Enterprise Certified Architect
- Advanced SPL search construction and optimization with a focus on security and detection engineering
- Thorough understanding of Splunk User Behavior Analytics to support the development of a UBA strategy and technical implementation.
- In-depth understanding of the White House Memorandum on Federal System Logging Requirements (M-21-31), data integrity principles, log analysis, logging best practices, and rigorous auditing standards as they relate to government record-keeping requirements.
- Strong understanding of web application, database, networking, and compute infrastructure log data formats, event correlation, and data retention policies.
- In-depth knowledge of cybersecurity frameworks (NIST, ISO, etc.), risk assessment methodologies, and federal compliance standards.
- Ability to translate technical security requirements into actionable plans for development teams and clearly articulate risks to non-technical stakeholders.
- Proven track record in designing and implementing robust Splunk-based log aggregation solutions in alignment with federal government-mandated compliance framework requirements.
- Exceptional written and verbal communication to support the development and delivery of solution training.
Desired Qualifications:
- Certification: Splunk Enterprise Certified Admin
- Certification: Splunk O11y Cloud Certified Metrics User
- Certification: Certified Information Systems Security Professional (CISSP)
- Expertise in federal records management principles and auditing best practices.
- Proficiency in developing technical standards and documentation.
- Experience working with and managing large-scale databases.
NEEDED:
• US Citizenship Required
GDIT IS YOUR PLACE:
• 401K with company match
• Comprehensive health and wellness packages
• Internal mobility team dedicated to helping you own your career
• Professional growth opportunities including paid education and certifications
• Cutting-edge technology you can learn from
• Rest and recharge with paid vacation and holidays