SonicJobs Logo
Left arrow iconBack to search
  1. Home
  2. 97256, Portland, OR
  3. Senior Splunk Engineer

Senior Splunk Engineer

ECS Tech Inc
Posted 3 days ago, valid for 9 days
Location

Portland, OR 97256, US

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • Everforth ECS is looking for a Senior Splunk Engineer to join their team in Portland, OR, with the position contingent upon contract award.
  • The role involves designing, implementing, maintaining, and optimizing Splunk capabilities for cybersecurity monitoring and operations.
  • Candidates should have at least 5 years of experience in cybersecurity engineering or related fields, with a minimum of 3 years specifically in Splunk administration or engineering.
  • The ideal candidate will possess strong knowledge of Splunk Enterprise, security data pipelines, and troubleshooting complex issues, while collaborating with various stakeholders.
  • The salary for this position is competitive and commensurate with experience.

Everforth ECS is seeking a Senior Splunk Engineer to work in our Portland, OR office.  Please Note: This position is contingent upon contract award.

 

The Senior Splunk Engineer designs, implements, maintains, and optimizes Splunk capabilities that support cybersecurity monitoring, investigation, reporting, and security operations. This role is responsible for Splunk platform engineering, data onboarding, search performance, dashboards, alerts, integrations, and technical support for SOC and cybersecurity stakeholders. 

The ideal candidate has deep hands-on experience administering Splunk Enterprise, Splunk Enterprise Security, or Splunk Cloud environments; understands security data pipelines and SIEM operations; and can independently troubleshoot complex platform, data ingestion, parsing, indexing, search, and content issues while collaborating with analysts, engineers, and program leadership. 

 

Key Responsibilities 

Splunk Platform Engineering & Administration 

  • Administer, configure, maintain, and optimize Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud, or distributed Splunk environments. 
  • Support indexers, search heads, deployment servers, heavy forwarders, universal forwarders, apps, add-ons, knowledge objects, and role-based access controls. 
  • Monitor platform health, availability, license utilization, data ingestion, storage, capacity, search concurrency, and overall performance. 
  • Plan and execute upgrades, patches, configuration changes, backup and recovery activities, and platform maintenance in accordance with change management processes. 

Data Onboarding & Integration 

  • Onboard, normalize, validate, and maintain security, infrastructure, cloud, endpoint, network, application, identity, and operational data sources. 
  • Configure and troubleshoot inputs, forwarders, sourcetypes, indexes, props.conftransforms.conf, field extractions, lookups, event types, tags, and data routing. 
  • Map data to the Splunk Common Information Model and support data model acceleration, normalization, and content readiness for security analytics. 
  • Integrate Splunk with security tools, ticketing systems, SOAR platforms, vulnerability tools, EDR solutions, firewalls, IDS/IPS, cloud platforms, and identity systems. 

Security Analytics & Detection Support 

  • Develop, maintain, and tune SPL searches, correlation searches, alerts, dashboards, reports, notable event rules, and security monitoring use cases. 
  • Partner with SOC analysts, threat hunters, threat intelligence analysts, and security engineers to translate detection requirements into reliable Splunk content. 
  • Tune detections and searches to improve fidelity, reduce false positives, increase operational value, and support risk-based alerting or prioritization. 
  • Support incident response and investigations by validating log availability, developing ad hoc searches, retrieving evidence, and assisting with event timelines. 

Dashboarding, Reporting & Metrics 

  • Design and maintain dashboards, reports, scorecards, and visualizations for SOC operations, platform health, data coverage, compliance, and leadership reporting. 
  • Track and report key Splunk metrics such as ingestion volume, license consumption, search performance, alert volume, source coverage, and data quality. 
  • Automate recurring reporting and improve visibility into monitoring coverage, data source gaps, content effectiveness, and operational trends. 
  • Develop executive, operational, and technical views that communicate platform status and security monitoring performance clearly and accurately. 

Troubleshooting, Optimization & Engineering Support 

  • Diagnose and resolve complex Splunk issues involving ingestion delays, parsing problems, dropped data, search errors, slow dashboards, indexer performance, and app conflicts. 
  • Optimize SPL, data models, summary indexes, scheduled searches, acceleration settings, storage usage, and search workloads for reliability and efficiency. 
  • Support infrastructure planning, scaling, retention strategies, data lifecycle management, high availability, and disaster recovery considerations. 
  • Collaborate with system administrators, network engineers, cloud teams, security engineers, and vendors to resolve technical dependencies and platform issues. 

Documentation, Standards & Continuous Improvement 

  • Develop and maintain architecture diagrams, onboarding procedures, configuration standards, runbooks, troubleshooting guides, and operational documentation. 
  • Support governance of index naming, source type standards, app deployment, permissions, data retention, change control, and knowledge object management. 
  • Evaluate new Splunk apps, add-ons, content packs, integrations, and platform capabilities to improve security monitoring and operational efficiency. 
  • Mentor junior engineers and analysts on Splunk usage, search practices, data validation, dashboard development, and platform troubleshooting. 
Qualifications
  • 5+ years of experience in cybersecurity engineering, SIEM engineering, log management, infrastructure engineering, or security operations support. 
  • 3+ years of hands-on Splunk administration, engineering, or implementation experience in enterprise or mission-critical environments. 
  • Strong working knowledge of Splunk Enterprise, Splunk Enterprise Security, or Splunk Cloud administration, including indexes, forwarders, apps, add-ons, permissions, and distributed components. 
  • Demonstrated experience with SPL, data onboarding, sourcetype configuration, field extraction, parsing, normalization, dashboards, reports, and alert development. 
  • Experience troubleshooting ingestion, indexing, search performance, dashboard performance, licensing, and data quality issues. 
  • Understanding of SOC operations, security monitoring, incident response, detection engineering, and common cybersecurity data sources. 
  • Ability to document technical procedures clearly and communicate effectively with analysts, engineers, stakeholders, and leadership. 


Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Logo
SonicJobs
Your next career move. Sorted.
Search jobsbackground image

Contact us

© 2017 - 2026 SonicJobs Inc. All rights reserved

Terms & Conditions | Privacy Policy | Browse Jobs