CACI International Splunk Engineer in Arlington, Virginia

Job Description

The Splunk Engineer will be responsible for the architecture, installation, administration, and development of Splunk log parsing and alert monitoring, with a goal toward enhancing infrastructure as it relates to application and server data, reporting, custom queries, dashboards, and security roles administration. In addition to log analytics, you will help administer a variety of other platforms within the Enterprise Management suite.


  • Architect, design, support, and maintain Splunk infrastructure for a highly available and disaster recovery configuration

  • Administer Splunk and Splunk Application for Enterprise Security (ES) log management

  • Standardize Splunk agent deployment, configuration and maintenance across a variety of UNIX and Windows platforms

  • Troubleshoot Splunk server and agent problems and issues

  • Assist internal users of Splunk in designing and maintaining production-quality dashboards

  • Mentor users and other groups on their use of Splunk

  • Monitor the agent and server infrastructure for capacity planning and optimization

  • Design core systems performance and troubleshooting logs

  • Support Splunk on Unix, Linux and Windows-based platforms

  • Perform data mining and analysis, utilizing various queries and reporting methods

  • Solve complex integration challenges and debug complex configuration issues

  • Technical writing/creation of formal documentation such as architecture diagrams, technical designs, and SOPs

Required Qualifications

  • Bachelor’s degree in Computer Science, Information Security or related technical field; or 7 - 9 years of relevant work experience

  • Splunk experience - minimum 2 to 5 years' experience architecting, configuring, deploying, and customizing the tool

  • Strong understanding of Splunk configuration files and architecture

  • Knowledge of advanced search and reporting commands

  • Demonstrated ability to create complex dashboards, forms, and visualizations

  • Understanding of System Log Files and other structured and non-structured data

  • Intermediate-level understanding of Solaris, Linux and Windows operating systems

  • Current Secret Clearance required; SSBI preferred

  • Security+ certification

  • Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms

Desired Qualifications

  • Splunk Architect or Splunk Administrator certification preferred

  • Knowledge of a scripting language and UNIX command line

  • Experience working in DISA and working with the DISA DECC environment

  • Strong knowledge of application monitoring and event management

  • Knowledge of the Common Information Model (CIM): understanding of the relationship between the CIM and knowledge objects, and ability to create a lookup file, a lookup definition, field aliases, and calculated fields

  • In-depth understanding of Splunk license management preferred

Job Location


CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.