Splunk Back-end Engineer

Job Locations: US
Requisition ID: 2025-159262
Position Category: Cyber Security
Clearance: Public Trust

Responsibilities

Peraton is seeking a Splunk Back-End Engineer to build, maintain, and optimize our Splunk platform and security orchestration workflows. You’ll ensure reliable data ingestion, perform platform upgrades, automate incident playbooks, and tune search performance to power analytics and reporting solutions. Prior FAA experience is highly desirable. Direct collaboration with FAA customers is expected. This is a remote position; occasional local on-site meeting support in the Washington, DC, Oklahoma City, OK, or Egg Harbor Township, NJ area is required.

KEY RESPONSIBILITIES:

  • PLAN AND EXECUTE PLATFORM UPGRADES
    – Roll out Splunk Enterprise and Cloud upgrades; build configuration artifacts and run regression tests
    – Stabilize upgraded indexers and search heads and remediate vulnerabilities
  • MANAGE DATA INGESTION AND INDEXING
    – Configure universal and heavy forwarders for Windows and Linux; define inputs, source types, and volume/retention policies
    – Onboard new data sources (syslog servers, firewall logs, cloud storage); validate data quality
  • DEVELOP AND MAINTAIN SOAR PLAYBOOKS
    – Build and tune SOAR runbooks for EDR isolation, script execution, and malware hash evaluation
    – Automate incident ingest, enrichment, and response via Python and PowerShell scripts
  • OPTIMIZE SEARCHES AND REPORTING
    – Create and refine saved searches, alerts, summary indexes, and dashboards for security and operations use cases
    – Tune SPL queries and accelerate dashboard load times under heavy data volumes
  • CAPACITY PLANNING & PERFORMANCE TUNING
    – Monitor cluster health; scale indexers/search heads; adjust clustering and resource allocation
    – Conduct performance tuning for ingestion pipelines and search concurrency
  • DOCUMENTATION & SUPPORT
    – Author runbooks, architecture diagrams, and user guides for configuration, troubleshooting, and capacity planning
    – Troubleshoot support tickets and mentor junior team members

Qualifications

BASIC QUALIFICATIONS:

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or related IT field with 5 years of relevant experience; or Master’s degree and 3 years’ relevant experience; or high school diploma/equivalent and 9 years’ relevant experience
  • Minimum 5 years’ hands-on experience administering Splunk Enterprise or Cloud and developing SOAR integrations, including Splunk Enterprise/Cloud forwarders, clustering, and indexer configuration
  • 5 years’ experience with scripting skills in Python and PowerShell for automation and playbook development
  • 3 years’ experience with the following tools: Splunk Enterprise · Splunk Cloud · Splunk SOAR · Universal & Heavy Forwarders · Python · PowerShell · SOAR runbook frameworks · syslog ingestion · AWS S3/SQS ingest pipelines · Docker (for SOAR apps) · Git for configuration management
  • Must be a US Citizen

 

PREFERRED QUALIFICATIONS:

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or related IT field with 6 years of relevant experience; or Master’s degree and 4 years’ relevant experience; or high school diploma/equivalent and 10 years’ relevant experience
  • Proven ability to optimize SPL performance and scale large ingest pipelines
  • Excellent troubleshooting, documentation, and collaboration skills
  • In-depth understanding of the Continuous Diagnostics and Mitigation (CDM) program and its phases (vulnerability management, configuration management, identity and access management, and incident response)
  • Proficiency in Zero Trust principles, including micro-segmentation, least-privilege access, and continuous verification of users, devices, and services
  • Expertise in the NIST Risk Management Framework (RMF) (SP 800-37/SP 800-53), from categorization through monitoring and continuous authorization
  • Familiarity with the Cybersecurity Assessment and Secure Mission (CASM) model for evaluating control effectiveness and mission impact
  • Knowledge of Federal Information Security Modernization Act (FISMA) requirements and annual reporting processes
  • Experience applying FedRAMP security controls for cloud service providers and managing authorization packages (SSP, SAR, POA&M)
  • Understanding of DISA STIG and SCAP standards for system hardening and automated compliance checking
  • Ability to map organizational controls to CISA CDM dashboard metrics and drive dashboard data integrations

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$80,000 - $128,000. This represents the typical salary range for this position based on experience and other factors.

EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.
