Cybersecurity Engineer - Splunk SME
Posted 2025-08-23
Remote, USA
Full Time
Immediate Start
<b>Description</b><br><p>Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, D.C. We provide expert services to clients across both government and commercial sectors, supporting projects that range from rapid assessments to multi-year digital transformation efforts. Our consultants work in on-site, hybrid, and remote environments based on client needs.</p><p><br></p><p>We’re hiring a <strong>Splunk Cyber Security SME</strong> to drive visibility, automation, and security intelligence across one of the largest data environments in the federal space. This isn’t just a monitoring role — you’ll be at the heart of designing and engineering Splunk infrastructure that supports national-scale operations. From real-time telemetry and alerting to advanced dashboards and automations, your work will directly impact mission-critical decision making.</p><p><br></p><p>If you’re ready to take on complex data challenges, work shoulder-to-shoulder with elite DevOps and Security teams, and engineer systems that scale — this role was built for you.</p><p><br></p><p>This is a <strong>remote</strong> role (U.S. only) with potential <strong>occasional off-hours or weekend support</strong>. <strong>U.S. Citizenship or Permanent Residency is required. 
</strong></p><p><strong>Responsibilities</strong></p><ul><li>Architect and maintain enterprise-grade Splunk environments across on-prem and cloud platforms</li><li>Create and manage knowledge objects, complex SPL queries, alerts, and dynamic dashboards</li><li>Design and implement scalable data ingestion pipelines and parsing logic</li><li>Collaborate with DevOps, Security, and Infrastructure teams to ensure optimal system performance</li><li>Develop automation workflows and UI interfaces to enhance operational efficiency</li><li>Troubleshoot data latency, availability, and integration challenges</li><li>Support system maintenance, version upgrades, and environment hardening</li><li>Contribute to technical mentorship and process documentation</li></ul><br> <b>Requirements</b><br><p>Must-Have:</p><ul><li>5+ Years of Splunk Experience Required</li><li>Manages knowledge objects (fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, and so on) – through automations, scripting, management server functions; to include .conf and .cfg files in scope of the last four Splunk Enterprise versions</li><li>Experience with Splunk deployment and configuration management in large-scale environments</li><li>Proficiency in writing complex Splunk queries, dashboards, and alerts using SPL (Search Processing Language)</li><li>Experience with REST APIs for Splunk and external system integration</li><li>Ability to analyze and troubleshoot complex data ingestion and parsing issues</li><li>Designing and developing an automation workflow and a dashboard interface for it</li><li>Self-starter with a service-oriented mindset who will take action, find ways to solve problems, and move projects to conclusion independently</li><li>Strong problem-solving skills and the ability to translate research insights into practical solutions that address real-world challenges.</li><li>Strong communication and collaboration skills with the ability to 
articulate complex technical concepts to both technical and non-technical audiences.</li><li>Experience in mentoring and guiding junior researchers or team members</li></ul><p><br></p><p>Preferred:</p><ul><li>Ability to leverage the Splunk AI Assistant and other AI tools to increase accuracy and efficiency of tasks and other deliverables</li><li>Advanced knowledge of Unix/Linux and/or Windows systems administration and troubleshooting</li><li>Strong scripting skills in Bash, Python, JavaScript, SQL and PowerShell for automation and integration tasks</li><li>Experience with Splunk upgrades, patching, and performance tuning</li><li>Proficiency in integrating Splunk with cloud platforms (AWS, GCP, Azure)</li><li>Understanding of security and compliance requirements and implementation of role-based access controls (RBAC) in Splunk</li><li>Strong knowledge of logging standards and best practices across application and infrastructure layers</li><li>Extensive knowledge of defense-in-depth principles, Network and Security architecture, network topology, IT device integrity, and common security elements.</li><li>Executes new projects as well as data and user onboarding</li><li>Strong understanding of IT and Cyber industry standards and technologies to include such controls governed by NIST, FISMA, and FedRAMP</li><li>Experience installing, utilizing, and developing with the Splunk App for Data Science and Deep Learning.</li><li>Experience installing, utilizing, and developing with the Splunk SOAR Automation toolset</li><li>Experience or background in the Cybersecurity, Systems/Network Administration or Observability industry</li></ul><br> <b>Skill(s)</b><br><p>Must-have</p><ul><li> 5+ years of Splunk engineering experience in complex, high-volume environments</li><li> Proficiency in SPL, knowledge object development, and configuration management</li><li> Strong background in Linux/Unix systems administration</li><li> Skilled in scripting languages (Python, Bash, 
PowerShell, etc.)</li><li> Experience with REST APIs and external system integrations</li><li> Ability to diagnose ingestion, parsing, and indexing issues at scale</li><li> Self-driven problem solver with a consulting mindset and strong communication skills</li></ul><p><br></p><p>Preferred Qualifications</p><ul><li> Experience with Splunk AI Assistant, SOAR, and DSDL frameworks</li><li> Familiarity with cloud services (AWS, Azure, GCP) and hybrid deployments</li><li> Understanding of NIST, FISMA, FedRAMP, and other security frameworks</li><li> Expertise in role-based access controls (RBAC), secure logging, and compliance</li><li> Background in cybersecurity, observability, or infrastructure engineering</li></ul><br> <b>Benefits</b><br><ul><li>Insurance - health, dental, vision</li><li>PTO & 11 Federal Holidays</li><li>401(k), employer match</li></ul><p><br></p><br> <b>Travel</b><br>None<br>