Location: HQ, Fairfax VA; various DoD and Federal organizations
Telework: Approximately 50%
Clearance: Top Secret
Foxhole Technology provides gold standard solutions and service to our customers, including but not limited to: Security Incident and Event Management (SIEM); Continuous Monitoring and Risk Scoring; Secure Configuration Management; Systems, Software and Network Engineering; Developmental Test and Evaluation (DT&E); and Authorization and Accreditation (A&A). Our in-depth expertise provides robust capabilities in penetration testing, program management and information security, as well as in all areas of cyber security engineering for DoD, Federal and civilian agencies.
Foxhole Technology has an immediate, long-term requirement for a SIEM/Splunk Implementation Engineer to lead our SIEM teams on our DoD and Federal prime contracts. This role requires the ability to design, architect and implement Splunk solutions in support of cybersecurity and/or IT operations. Our customer base within U.S. government organizations requires a Top Secret security clearance. The focus of this role is primarily engineering, designing, implementing and providing Tier III support for medium to large Splunk deployments. The candidate must have significant experience designing Splunk solutions in a clustered, distributed environment, and be able to work collaboratively with diverse end users as well as geographically dispersed staff across CONUS and OCONUS.
- Designs new Splunk solutions based on customer requirements.
- Aids customers in refining existing Splunk deployments while applying Splunk best practices.
- Deploys Splunk in clustered and non-clustered environments (based on customer needs; includes indexer clusters, multi-site indexer clusters, and search head clusters).
- Guides the customer and support staff to apply best practices to management of Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts).
- Works with data owners and other third parties to design and implement a data pipeline using forwarders and other tools.
- Works with security and other relevant stakeholders to determine high availability requirements and to develop recommendations for replication and related features.
- Strong experience and expertise engineering Splunk solutions for a variety of customers.
- Experience in building Splunk Technology Add-ons and configuring field extractions for various data sources.
- Experience deploying/managing Splunk indexer clusters and search head clusters.
- Strong understanding of the underlying Splunk infrastructure and components (lookups, buckets, modular inputs, standard inputs, relationships between varying configuration files, etc.).
- Strong Linux system administration and engineering skills; must be very comfortable administering servers from the command line and working with configuration files.
- Ability to work collaboratively with a globally distributed team.
- Strong sense of self-motivation; ability to identify problems and offer solutions.
- Ability and willingness to learn new things.
- Splunk Certified Architect required.
- DoD 8570 certification in the IAT Level III and/or CNDSP tier (CISSP or CASP, and CEH) or obtain within six months of employment.
- 3+ years' experience with Splunk in a distributed, enterprise environment.
- 7+ years' experience in a technical IT position involving systems administration and/or systems engineering.
- Splunk Enterprise Security.
- Splunk IT Service Intelligence.
- Splunk UBA.
- Experience working with other big data analytics solutions (Elasticsearch, Apache Spark, Hadoop, etc.), especially experience integrating these third-party solutions with Splunk (using pre-built integrations like Hunk, or developing your own).
- Phantom or other SOAR products.
- Experience with other SIEM products like ArcSight, QRadar, LogRhythm, Exabeam, etc.