Senior Cyber Security Engineer (Splunk)

CACI International•Chantilly, VA

1d•$103,800 - $218,100•Onsite

About The Position

Step into a mission-driven cybersecurity role where your expertise directly strengthens the security, resilience, and intelligence of an enterprise-scale environment. We’re looking for a Senior Cyber Security Engineer who is passionate about protecting critical systems, solving complex technical challenges, and building high‑performance data collection and monitoring capabilities that empower smarter decision-making.

Requirements

An active TS/SCI with Polygraph is required.
Bachelor’s degree, or 4+ years of additional cybersecurity experience in lieu of a degree.
5+ years in a cybersecurity-focused role.
Hands-on experience with SIEM platforms and/or Splunk.
Strong understanding of Linux administration, operating system security best practices, TCP/IP networking, and network security fundamentals.
Familiarity with Certification & Accreditation (C&A) processes.
Working knowledge of DoD policies and technical security guidelines for information systems.
DoD Directive 8570.1 IAT Level II or higher certification (or ability to obtain within 6 months).
Active Splunk certification.

Nice To Haves

Experience with Red Hat, CentOS, or similar Linux distributions.
Exposure to AWS or other cloud platforms.
Knowledge of ICS 500‑27 audit collection requirements.
Familiarity with Enterprise Security Services, Host-Based Security Services, Enterprise Vulnerability Scanning Services, and User Activity Monitoring (UAM).
Ability to tailor data feed creation to ensure logs are standardized according to policy and compliance standards.

Responsibilities

Troubleshoot and resolve new or existing data collection issues to ensure accurate, reliable ingestion of security‑relevant data.
Diagnose and remediate system issues affecting stability, performance, and overall usability.
Deploy, manage, and maintain both supported and unsupported Splunk Add‑ons across diverse data sources.
Develop and maintain detailed documentation, including BOE artifacts, engineering documentation, change management records, system security plans, and accreditation materials.
Deliver comprehensive Splunk deployment documentation outlining specifications, deployment strategies, and architectural considerations for production environments.
Implement and uphold strict role‑based access controls to ensure data is shared only on a validated need‑to‑know basis.
Design and deploy Splunk forwarders using centralized configuration management via the Splunk Deployment Server, enabling rapid and consistent deployments.