Splunk Engineer - Engineering

CACI

$98,500 - $206,800
Sep 25, 2025
Stafford, VA, USA

CACI is seeking a Splunk Engineer to develop, customize, and maintain interactive dashboards, reports, and visualizations for Change Management, CIM compliance, and Enterprise Security. The role involves creating and tuning alerts for critical events and security incidents, designing and managing knowledge objects for data normalization and search efficiency, and integrating applications with Splunk. The goal is to enhance data analysis, improve search efficiency, and ensure compliance with enterprise logging standards.

Requirements

  • 3+ years of hands-on experience in Splunk administration and development in an enterprise-level environment.
  • Expertise with Splunk Enterprise and strong knowledge of the Search Processing Language (SPL).
  • Proven experience creating complex dashboards, reports, and alerts.
  • Solid understanding of Splunk architecture, data ingestion, and optimization best practices.
  • Strong experience with regular expressions for field extractions.
  • Splunk certification(s), such as Splunk Core Certified Advanced Power User or Splunk Enterprise Certified Admin.
  • Proficiency in scripting languages like Python for Splunk automation.

Responsibilities

  • Development, customization, and maintenance of interactive dashboards, reports, and visualizations for Change Management, CIM compliance, and Enterprise Security.
  • Creation, management, and tuning of alerts to notify stakeholders of critical events and security incidents.
  • Design and management of knowledge objects, such as field extractions using regex log parsing, event types, tags, and data models, to normalize data and improve search efficiency.
  • Collaboration with Splunk Team members to ingest and normalize new data sources, ensuring compliance with the Common Information Model (CIM) and enterprise logging standards.
  • Utilize Search Processing Language (SPL) to create complex queries, perform investigations, and provide deep data analysis for various use cases.
  • Integration of various applications with Splunk, utilizing Splunk REST API to query endpoints.
  • Build custom Technology Add-ons (TAs) to streamline data ingestion and improve overall Splunk system functionality.

Other

  • Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
  • Current Security+ certification.
  • Ability to pass T5 investigation.
  • Excellent written and verbal communication skills with the ability to document technical processes and requirements.
  • Must openly communicate and share knowledge and solutions with team members.