Splunk Security Engineer

Leidos, Suitland, MD
$126,100 - $227,950

About The Position

Join Leidos as a Splunk Security Engineer in Suitland, MD and be at the forefront of mission-critical cybersecurity. From defending networks to building scalable automation, your work will shape the response and resilience of national operations.

Requirements

  • Active DoD TS/SCI clearance.
  • Bachelor's degree and 12+ years of experience or Master's and 10+ years. Additional experience, training, or certifications may be considered in lieu of a degree.
  • Current IAT Level II certification (e.g., Security+ CE) or the ability to obtain within 30 days.
  • 5+ years in Splunk SOAR/Phantom: playbook development, troubleshooting, and integrations.
  • Deep expertise in Splunk Administration, security event analysis, and Python-based automation.
  • Strong working knowledge of cross-platform integrations and security tool APIs.
  • Experience with process improvement in fast-moving security environments.

Nice To Haves

  • IAT Level III certification (e.g., CISSP).
  • Splunk Certified Enterprise Security Administrator.
  • Proficiency in standard DoD Security and Operational products such as Active Directory, DNS, FWs (packet flows), Email, ACAS, Trellix/Tanium, Splunk, STIGs, Windows/Linux and the standard services associated with these operating systems and products.
  • Technical writing skills for SOPs and integration documentation.
  • Completion of Splunk SOAR training courses.
  • Experience with MITRE ATT&CK integration and SOC-level triage workflows.

Responsibilities

  • Develop, maintain, and execute automated SOAR playbooks that interact across systems and devices.
  • Analyze log events, correlate data across multiple sources, and enhance threat detection and response workflows.
  • Design integrations between Splunk SOAR and standard DoD products such as Trellix ePO, Tanium, Cisco (FirePower, ISE, Email Gateways, AMP, switch/routers), Palo Alto Firewalls, Microsoft Active Directory, DNS, Exchange, SharePoint, IIS, SQL, Apache, Tomcat, RSA SecurID, Tenable.SC and Nessus, VMWare vCenter/ESXi, ServiceNow, Azure and AWS, NetApp, Windows and Linux.
  • Configure and manage Splunk Enterprise Security, including maintaining CIM compliance, Risk-Based Alerting (RBA), ticketing, and SIEM integrations.
  • Update and configure new Enterprise Security Content Updates when released.
  • Lead the full lifecycle of automation - from concept through deployment to documentation and tuning.
  • Build visual dashboards, reports, and context-aware incident response tools.
  • Support operational readiness, compliance, and proactive detection technologies across endpoint, cloud, network, and email infrastructures.
  • Apply patches and upgrades to Splunk SOAR and connectors.
  • Maintain the existing fleet of development VMs (Windows, Linux), and create new ones as needed, for testing and demonstrating playbook functionality.
  • Fully test and document playbook execution in the development environment, and serve as the authority on presenting playbook examples to new teams targeted for integration.

What This Job Offers

Job Type

Full-time

Industry

Professional, Scientific, and Technical Services

Education Level

Bachelor's degree
