Sr Splunk Engineer

Cherokee FederalUnited States,
$150,000 - $160,000

About The Position

Criterion Systems, a Cherokee Federal company, is seeking a Senior Splunk Detection Engineer to support the National Science Foundation (NSF) Cybersecurity & Privacy Program. This hands-on Detection Engineering role is responsible for improving Security Operations Center (SOC) effectiveness through high-fidelity detections, Risk-Based Alerting (RBA), alert tuning, incident response collaboration, and future security automation initiatives. The successful candidate will partner closely with Security Operations, Incident Response, Cloud Engineering, and Vulnerability Management teams to build scalable detection capabilities that reduce false positives, improve analyst efficiency, and strengthen NSF's cybersecurity posture.

Requirements

  • Active Public Trust clearance or the ability to obtain one.
  • Minimum seven (7) years of cybersecurity experience, including four (4) years in Detection Engineering, Security Operations, Incident Response, or Splunk Enterprise Security.
  • Experience building and tuning Splunk Enterprise Security correlation searches.
  • Hands-on Risk-Based Alerting (RBA) implementation experience.
  • Practical Incident Response experience or close partnership with IR teams.
  • Strong understanding of MITRE ATT&CK.
  • Experience improving detection fidelity and reducing false positives.
  • Strong AWS security knowledge including GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, and VPC Flow Logs.
  • Proficiency with SPL, Python, REST APIs, and Git.
  • Experience developing Splunk dashboards, reports, and investigations.
  • Excellent written and verbal communication skills.
  • Must pass pre-employment qualifications of Cherokee Federal.

Nice To Haves

  • Splunk Enterprise Security certifications
  • Splunk SOAR (Phantom)
  • Detection-as-Code
  • Sigma and YARA
  • CrowdStrike or Microsoft Defender for Endpoint
  • ServiceNow Incident Response
  • Knowledge of FISMA, NIST RMF, FedRAMP, and CMMC

Responsibilities

  • Design, build, test, and continuously improve Splunk Enterprise Security detection content.
  • Develop and tune correlation searches, notable events, adaptive response actions, dashboards, and investigation workflows.
  • Implement and optimize Risk-Based Alerting (RBA) strategies.
  • Improve detection quality while reducing false positives and minimizing false negatives.
  • Map detections to the MITRE ATT&CK Framework and maintain coverage metrics.
  • Partner with Incident Response teams to convert real-world incidents into improved detection content.
  • Participate in threat hunting, incident investigations, tabletop exercises, and purple team activities.
  • Develop cloud detections leveraging AWS GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, VPC Flow Logs, and related telemetry.
  • Maintain Common Information Model (CIM) compliance and improve data normalization.
  • Measure detection quality through precision, recall, MTTR, and analyst workload reduction.
  • Support future Splunk SOAR (Phantom) automation initiatives.
  • Integrate Splunk Enterprise Security with ServiceNow Incident Response and other security technologies.
  • Collaborate with Security Operations, Cloud Engineering, Vulnerability Management, and Incident Response teams.
  • Performs other job-related duties as assigned.

Benefits

  • Medical
  • Dental
  • Vision
  • 401(k)
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service