Splunk Engineer SME
**Must be open to working at client sites in Washington, DC.**
CGI Federal has an exciting opportunity for a Splunk Engineer SME. You will enhance the cyber security posture of 26 civilian government agencies through improved visibility into user credential management. You will actively identify and mitigate a wide range of cyber risks and will also work closely with a wide variety of agencies, learning their mission, priorities, organization and unique challenges. This opportunity will support a dynamic, fast-paced and energetic project running 20+ concurrent implementations.
- The Splunk Engineer SME will be supporting a strategic federal cyber security client.
- Primary mission of the project will be in implementing a proactive risk management solution to enhance the customer’s defense posture.
- Candidate will work with a highly skilled and experienced team focusing on next generation security solutions.
- Additionally, this individual will serve as a trusted advisor, technical leader and cyber security expert for the organization and drive future growth capabilities from existing engagements.
- This candidate will function as a security advisor and consultant for customers on people, policy, processes and technology issues surrounding security engagements while helping scope and design multi-vendor security solutions for large networks and supporting customers in their risk and threat mitigation solutions.
- Additionally, the Splunk Engineer SME will play a role in the development of additional cyber security offerings to support both emerging and next generation cyber security technologies.
Your future duties and responsibilities
- Ability to work with a diverse team on security tools and applications providing custom and tailored software changes as required on Splunk to monitor and detect cyber security threats in an environment for various clients within large program.
- Experienced in working with other cyber security experts to develop use cases, data models and connectors within Splunk to meet overall program objectives.
- Act as the Splunk Search Language (SPL) expert in developing network or endpoint-based anomaly detection alerting logic in SPL and building dashboards to visualize results.
- Able to conduct research in security principles, host and network based security technologies, industrial controls system devices, machine language learning algorithms and attack and mitigation methods.
- Experienced in the design, analysis, evaluation, installation, testing, debugging and installation of Splunk.
- Day-to-day activities include working with customer teams and supporting current tasks and activities.
- Responsibilities include leading customer engineering teams.
- Work closely with customer delivery managers to prioritize daily tasks.
- Participate in technical meetings with customers’ technical specialists.
- Provide tier 3 support for incidents relating to Splunk infrastructure operations.
- Continuously improve customers’ Splunk deployments and integrate new technologies and services.
Required qualifications to be successful in this role
- Due to the nature of the government contract requirements and/or clearance requirements, US citizenship is required
- Bachelor's degree in Computer Science or a related field
- 5+ years of experience with Splunk, network security and system security supporting security event management tools, including SIEMs
- 2+ years of experience with rule and advanced logic creation in Splunk
- Thorough understanding and operational experience with Splunk Search Language
- Development of automated searches and applications using Python, shell scripting, HTML, CSS and regular expressions.
- Thorough understanding of Splunk’s Common Information Model (CIM)
- Understanding of Splunk’s advanced capabilities to include: Splunk Enterprise Security (ES), Splunk User Behavior Analytics (UBA), Splunk Machine Learning Toolkit, Splunk Cloud, Advanced Threat Analytics
- Experience in using scripting languages to automate tasks and manipulate data
- Knowledge of enterprise logging, with a focus on application logging
- Education and/or formal training may substitute for experience requirement
- Ability to develop and integrate solutions across a diverse and heterogeneous IT environments.
- Experienced in providing technical integration advice that includes evaluating inputs, WMI issues, crash logs, and alert scripts with the ability to identify and correct vulnerability findings experienced with Splunk migrations and implementations.
- Previous experience with expert knowledge of data normalization and data modeling specifically within the Splunk environment
- Articulate and convey advanced technical concepts in presentations and client meetings
- Development of documentation, architecture diagrams, and process and procedures for end users
- Ability to produce high quality technical documentation
- Excellent troubleshooting skills and strong technical learning aptitude required.
- At least 5 years of experience with a scripting language (Bash, Perl, Python)
- Expertise with Linux and command-line interface
- Experience working with security technologies to include end point security tools, boundary protection technologies, network security tools, and vulnerability management technologies.
- Knowledge of network technology and common internet protocols
- Experience deploying apps within Splunk or administrating the Splunk platform
- Detailed understanding and strong skill set in operating and working with the Splunk tool set
- Currently hold Splunk specific certifications: Splunk Administrator
- Security relevant certifications: CISSP, CISM, CISA, Security+
Build your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com .
No unsolicited agency referrals please.
CGI is an equal opportunity employer.
Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status, political affiliation, genetic information, or any other legally protected status or characteristics.
CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at . You will need to reference the requisition number of the position in which you are interested. Your message will be routed to the appropriate recruiter who will assist you. Please note, this email address is only to be used for those individuals who need an accommodation to apply for a job. Emails for any other reason or those that do not include a requisition number will not be returned .
We make it easy to translate military experience and skills! Click here to be directed to our site that is dedicated to veterans and transitioning service members.
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held.
CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI’s legal duty to furnish information.