Role: Splunk Engineer (Cribl Preferred)
Clearance: Secret Required
Location: Herndon, VA
Onsite Requirement: Hybrid, 1-2x a week, as determined by the Engineering Lead
Position Description: Seeking a Splunk / Cribl Ingestion Engineer to support a SOC Engineering team responsible for expanding security visibility across cloud and on-premises environments. This engineer will own end-to-end log onboarding, parsing, normalization, routing, and platform optimization for assigned data sources across Splunk and Cribl. The ideal candidate is a hands-on engineer with strong SIEM platform experience and a solid understanding of the security monitoring and detection use cases those data pipelines support.
Required skills:
- 4+ years of hands-on experience administering and engineering Splunk Enterprise in production environments
- Experience with distributed Splunk architectures, including forwarders, heavy forwarders, indexers, search heads, and clustering
- Strong experience with data onboarding, parsing, normalization, field extraction, and sourcetype management
- Experience troubleshooting data flow, search performance, platform health, and ingestion bottlenecks
- Experience supporting a SOC, SIEM, or cyber defense environment
- Experience onboarding logs from both cloud and on-premises systems
- Working knowledge of RHEL/Linux and Windows administration
- Ability to collaborate with analysts and engineers to align telemetry ingestion with detection, monitoring, and compliance requirements
Preferred skills:
- Hands-on experience administering Cribl Stream in production environments
- Experience building and tuning Cribl routes, pipelines, packs, and worker groups
- Experience using Cribl to filter, enrich, route, redact, and optimize telemetry prior to Splunk ingestion
- Experience reducing ingest costs and improving telemetry quality through data shaping and routing strategies
- Familiarity with Splunk Enterprise Security, CIM, data models, and security content dependencies
- Experience ingesting data from AWS, Azure, Microsoft 365, identity platforms, EDR, firewalls, and network security tools
- Scripting experience in Python, Bash, or PowerShell
- Familiarity with regex, JSON parsing, syslog, and API-based log collection
Physical and Mental Qualifications:
- Maintain focus and awareness throughout scheduled working hours.
- Perform tasks requiring prolonged periods of sitting or standing at a desk, utilizing a computer, mouse, and keyboard.
- Lift and move objects weighing up to 15 pounds as needed.
- Exhibit excellent verbal and written communication skills, with a strong command of the English language.
- Demonstrate the ability to work independently while also collaborating effectively as part of a team.
- Quickly learn and retain routine tasks and processes.
- Possess strong organizational skills, attention to detail, business correspondence proficiency, and self-management capabilities.
- Perform the essential functions of the role satisfactorily; reasonable accommodation will be provided for employees with disabilities upon request.
- Accept and adapt to additional responsibilities or changes to assigned duties as determined by DirectViz Solutions (DVS).