
Splunk Core & Enterprise Security (ES) Consultant

STEM Solutions, Portland, OR, United States


Position Overview

We are supporting a federal civilian agency undergoing a Splunk implementation and modernization effort. The Splunk Consultant will be responsible for maintaining and optimizing the Splunk Core and Enterprise Security (ES) environments while supporting the implementation and configuration of Splunk IT Service Intelligence (ITSI).

This role requires a hands-on practitioner who can operate within an existing environment while contributing to ongoing deployment efforts. The consultant will work closely with stakeholders across security, operations, and infrastructure teams to ensure system performance, data integrity, and actionable insights from the platform.

Key Responsibilities:
Maintain and support existing Splunk Core and Splunk Enterprise Security (ES) environments
Monitor system health, performance, and data ingestion across distributed Splunk architecture
Troubleshoot and resolve issues related to search performance, data pipelines, and system availability
Support the implementation, configuration, and optimization of Splunk IT Service Intelligence (ITSI)
Configure and maintain ITSI components including services, KPIs, glass tables, and correlation searches
Assist with onboarding new data sources, ensuring proper parsing, normalization, and CIM compliance
Develop and maintain dashboards, alerts, and reports for both operational and security use cases
Collaborate with cybersecurity teams to enhance detection capabilities within Splunk ES
Support upgrades, patching, and lifecycle management of Splunk components
Document configurations, processes, and standard operating procedures
Provide knowledge transfer and support to government personnel as needed

Required Qualifications:
Active Splunk Core Certified Consultant certification
Active Splunk Enterprise Security (ES) certification
Active Splunk ITSI Accreditation
5+ years of hands-on experience with Splunk in enterprise environments
Experience supporting both Splunk Core and Enterprise Security deployments
Experience implementing and configuring Splunk ITSI in a production environment
Strong understanding of Splunk architecture (indexers, search heads, forwarders, clustering)
Experience with data onboarding, parsing, and field extraction
Familiarity with Common Information Model (CIM) and data normalization
Experience with Linux environments and basic system administration
Ability to troubleshoot complex issues across infrastructure and application layers

Preferred Qualifications:
Experience supporting federal civilian or DoD environments
Familiarity with security frameworks (NIST, RMF, FedRAMP)
Experience integrating Splunk with cloud environments (AWS, Azure, or hybrid)
Knowledge of scripting languages such as Python or Bash for automation
Experience with DevOps or infrastructure-as-code approaches in Splunk deployments

Key Characteristics:
Able to operate independently in a production environment
Comfortable working in both sustainment and implementation phases simultaneously
Strong communication skills with the ability to work across technical and non-technical teams
Detail-oriented with a focus on system performance and reliability