Splunk Developer

Intersec

Reston, VA
Full Time
Mid Level
10 days ago

Job Description

About the Role

We are seeking a skilled and detail-oriented Splunk Developer to join our technical team. The ideal candidate will play a crucial role in building, configuring, and maintaining Splunk infrastructure and dashboards, enabling effective monitoring, data analysis, and incident response across the organization. You'll work closely with security, operations, and application teams to design scalable solutions using Splunk Enterprise and its apps.

Key Responsibilities

  • Design, develop, and maintain Splunk dashboards, alerts, reports, and data visualizations tailored to business and security needs.
  • Onboard new data sources, configure data parsing, and ensure data normalization using field extractions, transforms, and props.conf settings.
  • Develop and maintain SPL (Search Processing Language) queries for efficient data retrieval and correlation.
  • Integrate Splunk with various technologies and data sources including syslog, REST APIs, AWS, Windows, Linux, and firewalls.
  • Support and optimize Splunk performance, indexing, and search efficiency across distributed environments.
  • Work with Security Operations Center (SOC) and DevOps teams to support threat detection, compliance, and operational monitoring use cases.
  • Implement best practices for data lifecycle management, data models, and CIM compliance.
  • Troubleshoot issues related to data ingestion, searches, and dashboard performance.
  • Participate in architectural planning, upgrades, and capacity planning of Splunk infrastructure.
  • Develop and maintain technical documentation, SOPs, and deployment checklists.

Requirements

  • Bachelor's degree in Computer Science, Information Systems, or related field.
  • 3+ years of hands-on experience with Splunk development, administration, and architecture.
  • Strong proficiency in SPL, regex, and data parsing techniques.
  • Experience with onboarding logs from diverse sources (e.g., AWS, Palo Alto, Linux, Windows, etc.).
  • Working knowledge of scripting (e.g., Python, Bash) for automation and integration tasks.
  • Experience implementing and customizing Splunk Enterprise Security (ES) or ITSI is a plus.
  • Familiarity with security concepts such as SIEM, threat hunting, and incident response.
  • Strong analytical and problem-solving skills with attention to detail.
  • Excellent communication and documentation skills.

Nice to Have

  • Splunk certifications such as Splunk Core Certified Power User, Splunk Certified Admin, or Splunk Enterprise Security Certified Admin.
  • Experience with cloud-native architectures and Splunk Cloud Platform.
  • Exposure to DevSecOps pipelines and CI/CD tools.
  • Experience integrating Splunk with SOAR platforms (e.g., Phantom).

Job Details

Posted At: Jul 14, 2025
Salary: Competitive salary
Job Type: Full Time
Experience: Mid Level

About Intersec

Website

intersec.co.uk

Location

Reston, VA

Industry

Custom Computer Programming Services
