Senior Splunk Engineer & Cyber Defense Analyst

SPECIAL AEROSPACE SECURITY SERVICES INC
Alley, MO
Onsite

About The Position

We are seeking an experienced Senior Splunk Engineer & Cyber Defense Analyst to lead SIEM engineering, detection content development, and proactive hunt operations for a major DoD program in Huntsville. The role is a hybrid of deep Splunk engineering and hands-on cyber threat hunting across classified environments. You will own the performance, scale, and security of a multi-terabyte-per-day Splunk Enterprise ecosystem while driving hypothesis-based hunts and guiding analysts across the SOC. This position reports to both the SOC Manager and the Program ISSM.

Requirements

  • Active DoD TS/SCI (U.S. Citizenship required)
  • 8+ years in Cyber/IT, including: 5+ years Splunk Administration, 3+ years operational threat hunting
  • Expert-level Splunk ES, CIM, btool, and search optimization experience
  • Meets DoDM 8140.03 qualification for DCWF 511 or 531 (Intermediate+)
  • Qualifying certifications: GCIA, GCIH, GCFA, GCDA, GNFA, or CySA+
  • Security+ CE (or equivalent IAT II/III baseline requirement)
  • Strong Python (Splunk SDK), Bash, and/or PowerShell scripting

Nice To Haves

  • Experience with Cribl Stream/Edge
  • Advanced Splunk certifications (Architect, Consultant)
  • Cloud telemetry integration experience (AWS GovCloud or Azure Gov IL5/IL6)

Responsibilities

  • Architect, deploy, and sustain clustered Splunk Enterprise 9.x+ environments (Search Head Clustering, Indexer Clustering, Cluster Manager, formerly Cluster Master) on RHEL 8/9
  • Engineer data ingestion pipelines
  • Develop dashboards (Dashboard Studio), SPL searches, macros, and Python-based commands
  • Perform security monitoring procedures to identify, analyze and respond to cybersecurity events and incidents
  • Conduct proactive hunts based on MITRE ATT&CK across endpoint, network, and cloud telemetry
  • Lead Risk-Based Alerting (RBA) and TI Framework development within Splunk ES
  • Build and tune detections using SPL or Sigma
  • Perform deep-dive incident investigations and support JFHQ-DODIN reporting
  • Serve as the technical escalation point for the SOC
  • Mentor Tier 4-8 analysts in SPL, detection engineering, and adversary TTPs


What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

No Education Listed

Number of Employees

1-10 employees

© 2026 Teal Labs, Inc