Overview
- Tier One Technologies is seeking a Splunk Cybersecurity SME to support our direct US Government client.
- This is going to be a 100% remote Contract-to-Hire position.
- SELECTED CANDIDATES WITHOUT REQUIRED CLEARANCE WILL BE SUBJECT TO A FEDERAL GOVERNMENT BACKGROUND INVESTIGATION TO RECEIVE IT.
Responsibilities
- Design, deploy, and maintain on-premises and cloud-based Splunk environments to support enterprise-level monitoring, alerting, and reporting.
- Execute new projects as well as data and user onboarding.
- Manage knowledge objects (fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, and so on) through automation, scripting, and management server functions, including .conf and .cfg files, within the scope of the last four Splunk Enterprise versions.
- Mentor and guide junior researchers or team members.
- Support off-hours and weekend efforts for incident investigations and systems maintenance.
Qualifications
- A degree from an accredited College/University in the applicable field of services is required. If the individual's degree is not in the applicable field, then 4 additional years of related experience are required.
- 8+ years of overall experience in cybersecurity.
- 5+ years of specific Splunk experience.
- Proven Splunk deployment and configuration management experience in large-scale environments.
- Proficiency in writing complex Splunk queries, dashboards, and alerts using SPL (Search Processing Language).
- Experience with REST APIs for Splunk and external system integration.
- Ability to leverage the Splunk AI Assistant and other AI tools to increase the accuracy and efficiency of tasks and other deliverables.
- Advanced knowledge of Unix/Linux and/or Windows systems administration and troubleshooting.
- Strong scripting skills in Bash, Python, JavaScript, SQL and PowerShell for automation and integration tasks.
- Experience with Splunk upgrades, patching, and performance tuning.
- Proficiency in integrating Splunk with cloud platforms (AWS, GCP, Azure).
- Understanding of security and compliance requirements and implementation of role-based access controls (RBAC) in Splunk.
- Strong knowledge of logging standards and best practices across application and infrastructure layers.
- Strong problem-solving skills and the ability to translate research insights into practical solutions that address real-world challenges.
- Strong communication and collaboration skills with the ability to articulate complex technical concepts to both technical and non-technical audiences.
- Must be a US Citizen or have permanent residence status (Green Card).
- Must be able to obtain a Position of Public Trust Clearance.
- Must be able to pass a drug screening, criminal history, and credit checks.
- Must have lived in the United States for the past 5 years.
- Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members).
