Frontend Splunk Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or related IT field with 5 years of relevant experience; or Masters with 3 years of relevant experience; or High School with 9 years of relevant experience.
• Minimum 6 years hands-on experience building and supporting Splunk dashboards, reports, and saved searches.
• 3 years proficiency with SPL, Dashboard Studio, data models, and the Asset Framework.
• 3 years experience using the following tools and technologies: Splunk Enterprise (Search, SPL, Dashboard Studio, Data Models, Asset Framework), Splunk IT Service Intelligence (ITSI),Splunk Security Essential, JIRA, Git, REST APIs, JSON,Basic CSS/HTML for dashboard theming.
• US Citizenship required with the ability to obtain an FAA Public Trust clearance prior to start.

Nice To Haves

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or related IT field with 6 years of relevant experience; or Masters with 4 years of relevant experience; or High School with 10 years of relevant experience
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Authorization Professional (CAP), Security+, Information Technology (IT) certification, or equivalent certification (Must obtain within 12 months of start if not currently certified.)
• Strong understanding of asset-centric reporting, CVE tracking, and executive situational awareness use cases• Proven ability to optimize Splunk search performance and design intuitive UI layouts
• In-depth understanding of the Continuous Diagnostics and Mitigation (CDM) program and its phases (vulnerability management, configuration management, identity and access management, and incident response)
• Proficiency in Zero Trust principles, including micro-segmentation, least-privilege access, and continuous verification of users, devices, and services
• Expertise in the NIST Risk Management Framework (RMF) (SP 800-37/SP 800-53), from categorization through monitoring and continuous authorization
• Familiarity with the Cybersecurity Assessment and Secure Mission (CASM) model for evaluating control effectiveness and mission impact
• Knowledge of Federal Information Security Modernization Act (FISMA) requirements and annual reporting processes
• Experience applying FedRAMP security controls for cloud service providers and managing authorization packages (SSP, SAR, POA&M)
• Understanding of DISA STIG and SCAP standards for system hardening and automated compliance checking
• Ability to map organizational controls to CISA CDM dashboard metrics and drive dashboard data integrations
• Writing scripts in Python, PowerShell, or Bash for security automation and log
• Automating security control enforcement using Ansible, Terraform, or cloud- native security tools.
• Securing cloud environments (AWS, Azure, Google Cloud) with Zero Trust, CASB, and cloud-native security controls.
• IAM, Privileged Access Management (PAM), and Role-Based Access Control (RBAC).
• Knowledge of cyber threats, attack vectors, Advanced Persistent Threats (APTs), and malware analysis.
• Security Information and Event Management (SIEM) solutions like Splunk, ArcSight, or QRadar.
• Firewalls, IDS/IPS (Snort, Suricata), VPNs, and endpoint security
• Secure configurations based on CIS Benchmarks, DISA STIGs, and SCAP
• Proficient in analysis activities and capable of applying theoretical body of knowledge, including the ability to apply a variety of standard and advanced analytical techniques and tools.
• Assessing risk impact and security control effectiveness in real-world
• Making data-driven decisions to improve security posture while balancing operational
• Ability to analyze security threats, correlate logs, and identify vulnerabilities in systems and networks.
• Troubleshooting security issues across multi-layered
• Ability to make decisions in accordance with established policies, guidelines and
• Working with cross-functional teams, executives, and auditors to implement security best practices.
• Training employees on security awareness and compliance
• Staying updated with emerging threats, security technologies, and regulatory
• Ability to quickly adapt security strategies to evolving IT environments and
• Writing security reports, compliance documentation (SSPs, POA&Ms), and security
• Communicating security risks effectively to both technical and non-technical stakeholders
• Strong organizational skills with the ability to multi-task, manage time effectively, and handle tight deadlines.
• Highly responsive to requested
• Proficient in analysis activities and capable of applying theoretical body of knowledge, including the ability to apply a variety of standard and advanced analytical techniques and tools.
• Extensive knowledge of business issues and processes as well as IT and Security resources and enabling technologies.
• Skilled in the use of advanced analysis, facilitation and consultative techniques and tools and the ability to apply them in multiple settings of significant complexity.
• Excellent oral and written communication skills including the ability to effectively consult with stakeholders on a diverse range of IT activities.
• Ability to work with confidential and proprietary information using utmost

Responsibilities

• Architect and implement Splunk dashboards for data-center asset inventory and vulnerability reporting
• Build Executive dashboards that filter and highlight critical assets for situational awareness
• Normalize dashboard layouts, panels, and visualizations to a consistent styling and naming convention
• Optimize searches and SPL queries for performance and scalability
• Integrate new data sources and onboard security systems into Splunk
• Map CVE and asset owner data into asset-centric dashboards
• Produce and maintain dashboard documentation: data sources, queries, drill-downs, and user guides
• Collaborate with stakeholders to plan new dashboards, define requirements, wireframes, and success metrics
• Assess, develop, and implement security policies and procedures to align with frameworks such as NIST RMF, FedRAMP, FISMA, ISO 27001, and DoD STIGs.
• Conduct security risk assessments and gap analyses to identify vulnerabilities in systems and networks.
• Ensure compliance with federal regulations, industry standards, and organizational security policies.
• Assist in the preparation of System Security Plans (SSPs), Security Control Assessments (SCAs), and Authority to Operate (ATO) packages.
• Perform Plan of Action & Milestones (POA&M) management, tracking remediation efforts for security findings.
• Monitor security logs, alerts, and events using SIEM tools (e.g., System Security / Information Assurance Analyst, ArcSight, etc.) to detect, investigate, and mitigate cyber threats.
• Respond to security incidents, vulnerabilities, and breaches, conducting forensic analysis and impact assessments.
• Develop and refine incident response plans (IRPs) and participate in cybersecurity exercises and drills.
• Configure and manage security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security, and encryption solutions.
• Support the implementation of Zero Trust Architecture (ZTA) and Identity & Access Management (IAM) controls.
• Perform patch management and vulnerability remediation for IT assets, ensuring compliance with security benchmarks (DISA STIGs, CIS Benchmarks, SCAP).
• Develop and maintain security documentation, policies, and procedures for system accreditation.
• Conduct security awareness training for employees and stakeholders.
• Support audit and certification processes, working with internal and external security assessors.
• Review secure software development lifecycle (SDLC) practices, ensuring applications meet security best practices.
• Assist in securing cloud-based environments (AWS, Azure, Google Cloud) through security controls like CASB, CSPM, and cloud encryption.
• Conduct security reviews for third-party applications and vendors to mitigate supply chain risks.